The current defaults are to format timestamps using the local timezone. Since switching to the time crate to avoid unsafe code in chrono (CVE-2020-26235), a lot of users use simple_logger in scenarios where time refuses to fetch the local timezone to avoid running unsafe code (https://github.com/time-rs/time/issues/293). This usually affects users running a multithreaded application, as time assumes it's safe to get the local timezone when running in a single-threaded environment where there's no risk of an environment variable being set by a different thread.
Support for UTC timestamps has been added to simple_logger, but I'm currently trying to work out the best way to safely change the default away from local timestamps in a way that doesn't risk silently changing users' logs from one timezone to another with no way to tell the difference.
If this issue is affecting you, there are a few approaches you can take:
Upgrade to simple_logger 2.0.0
This breaking change switches to UTC timestamps in RFC 3339 format.
.with_utc_timestamps() like in examples/timestamps_utc.rs.
Use a static UTC offset via .with_utc_offset(...) like in examples/timestamps_utc_offset.rs.
Don't display timestamps at all via .without_timestamps() like in examples/timestamps_none.rs.
time crate's unsafe features
Export RUSTFLAGS="--cfg unsound_local_offset" when compiling (docs).
Issues related to this are all tagged CVE-2020-26235. Tagging #51, #48, #47, #44, #43, #35.
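The UTC and static-offset options above avoid the local timezone lookup entirely, because an RFC 3339 timestamp at a fixed offset is pure arithmetic on the Unix time. The following is an added example, not code from simple_logger or the time crate; the function names `civil_from_days` and `rfc3339` and the sample offsets are assumptions made for illustration.

```rust
// Added example (not simple_logger's code): RFC 3339 at a fixed UTC offset, std only.
// Nothing here reads TZ or calls localtime_r, so it is safe from any thread.
use std::time::{SystemTime, UNIX_EPOCH};

/// Days since 1970-01-01 -> (year, month, day), proleptic Gregorian calendar
/// (Howard Hinnant's civil_from_days algorithm).
fn civil_from_days(days: i64) -> (i64, i64, i64) {
    let z = days + 719_468;
    let era = z.div_euclid(146_097);
    let doe = z.rem_euclid(146_097); // day of era, 0..=146096
    let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of year, March-based
    let mp = (5 * doy + 2) / 153; // month index, 0 = March
    let day = doy - (153 * mp + 2) / 5 + 1;
    let month = if mp < 10 { mp + 3 } else { mp - 9 };
    let year = yoe + era * 400 + if month <= 2 { 1 } else { 0 };
    (year, month, day)
}

/// Format `unix_secs` as RFC 3339 at a fixed offset of `offset_secs` from UTC.
fn rfc3339(unix_secs: i64, offset_secs: i32) -> String {
    let local = unix_secs + offset_secs as i64;
    let (y, m, d) = civil_from_days(local.div_euclid(86_400));
    let sod = local.rem_euclid(86_400); // second of day, correct before 1970 too
    let (hh, mm, ss) = (sod / 3600, sod % 3600 / 60, sod % 60);
    let zone = if offset_secs == 0 {
        "Z".to_string()
    } else {
        let sign = if offset_secs < 0 { '-' } else { '+' };
        let a = offset_secs.abs();
        format!("{}{:02}:{:02}", sign, a / 3600, a % 3600 / 60)
    };
    format!("{:04}-{:02}-{:02}T{:02}:{:02}:{:02}{}", y, m, d, hh, mm, ss, zone)
}

fn main() {
    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
    // Four worker threads format the same instant; no shared or global state is touched.
    let handles: Vec<_> = (0..4)
        .map(|i| std::thread::spawn(move || println!("{} worker {}", rfc3339(now, 0), i)))
        .collect();
    for h in handles { h.join().unwrap(); }
    println!("{}", rfc3339(now, 2 * 3600)); // constructed static offset of +02:00
}
```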