search

qos-ch / reload4j

reload4j is a drop-in replacement for log4j 1.2.17
Apache License 2.0
148 stars 22 forks source link

log4j1 to reload4j causing Missing DocumentBuilderFactory.setFeature() method #45

Closed malathigv closed 2 years ago

malathigv commented 2 years ago

Once i replace log4j1.x with reload4j, the application is unable to parse ang log4j.xml file giving the below exception. log4j:ERROR Failed to parse XML file. Missing DocumentBuilderFactory.setFeature() method?

java.lang.AbstractMethodError: javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)V

at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:809)

at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:728)

at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:504)

at org.apache.log4j.LogManager.<clinit>(LogManager.java:119)

at org.apache.log4j.Logger.getLogger(Logger.java:101)

at org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:229)

at org.apache.commons.logging.impl.Log4JLogger.<init>(Log4JLogger.java:65)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)

at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:529)

at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:235)

at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:209)

at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:351)

at org.springframework.context.support.AbstractApplicationContext.<init>(AbstractApplicationContext.java:130)

at org.springframework.context.support.AbstractApplicationContext.<init>(AbstractApplicationContext.java:158)

at org.springframework.context.support.AbstractRefreshableApplicationContext.<init>(AbstractRefreshableApplicationContext.java:67)

at org.springframework.context.support.AbstractXmlApplicationContext.<init>(AbstractXmlApplicationContext.java:49)

at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:84)

at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:72)
ceki commented 2 years ago

Older XML parsers lack the setFeature method. The setFeature method is called to disable entity support in the parser in order to prevent XXE attacks. The solution is to use a more recent XML parser.

malathigv commented 2 years ago

Thank you for yuor response. Is there any response for such queries instead of raising it as an issue? It would be more useful if we get such explanations and resolution for all the changes done to prevent the attacks.