[logback-dev] [JIRA] (LOGBACK-1347) HardenedObjectInputStream can't handle multiple markers
noreply-jira at qos.ch
Fri Oct 13 00:11:00 CEST 2017
Nathan Jensen created LOGBACK-1347:
Summary: HardenedObjectInputStream can't handle multiple markers
Issue Type: Bug
Components: logback-classic, logback-core
Affects Versions: 1.2.0
Reporter: Nathan Jensen
Assignee: Logback dev list
I have an application that uses logback classic's SocketAppender to send events to a separate logging process. The separate process is using logback classic's ServerSocketReceiver and then tracks details about the events. With logback 1.2 it stopped working and the receiving process started outputting: "java.io.InvalidClassException: Unauthorized deserialization attempt; [Ljava.lang.Object;". Trying to track it down I finally found that it happened when I had two or more Markers on the event. Specifically with code such as:
Marker marker = MarkerFactory.getDetachedMarker(processName);
Tracing further, the error message comes from logback core's HardenedObjectInputStream.resolveClass(ObjectStreamClass). The related class HardenedLoggingEventInputStream has a whitelist of accepted classnames that includes org.slf4j.helpers.BasicMarker but not Object. When the sending application code calls BasicMarker.add(Marker), the BasicMarker will create a new internal Vector. That Vector has the field elementData of type Object which gets serialized in the sending process. Then the receiving process does not accept Object during deserialization and produces the error above.
In short, I can't have two slf4j Markers on an event and send it across with serialization with logback classic's SocketAppender and ServerSocketReceiver.
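The rejection described in this report can be reproduced without logback or slf4j. The following is an added example, not code from the reporter or from the logback project: AllowlistObjectInputStream is a hypothetical stand-in for an allowlisting resolveClass override, and a plain java.util.Vector stands in for the internal Vector the report attributes to BasicMarker (assumes Java 9+).

```java
import java.io.*;
import java.util.*;

public class AllowlistDemo {
    // Hypothetical allowlisting stream; not logback's HardenedObjectInputStream.
    static class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Array types arrive under their JVM descriptor name, e.g. "[Ljava.lang.Object;".
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    // Serialize in memory, then read back through the allowlisting stream.
    static Object roundTrip(Object value, Set<String> allowed) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(value);
        }
        try (ObjectInputStream in = new AllowlistObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()), allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Vector<String> refs = new Vector<>(List.of("constructed-marker-a")); // constructed sample
        try {
            // Vector itself is allowed, but its backing array descriptor is not.
            roundTrip(refs, Set.of("java.util.Vector"));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Allowing the array descriptor lets the same bytes through.
        Set<String> widened = Set.of("java.util.Vector", "[Ljava.lang.Object;");
        System.out.println("accepted: " + roundTrip(refs, widened));
    }
}
```

Allowing the array descriptor does not exempt what the array holds: each element's class descriptor still passes through resolveClass.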