Releases: SAP/cf-java-logging-support
v3.6.0
Note: this version does not include the Java thread name in the log messages. This bug is fixed in v3.6.1
This release contains a major refactoring of the JSON generation code.
The implementation now uses Jackson's ObjectComposer instead of a string pattern.
This increases performance and allows several extension points to library users.
See the Wiki article on Writing Application Logs for details.
In particular it is now possible to register custom "Field Suppliers", that can add custom fields to the log message.
Furthermore, custom field support now extends to request logs.
Another major change is, that the library will no longer add CloudFoundry metadata (from env VCAP_APPLICATION) by default.
This reduces the message size considerably and improves human readability.
Usually, the missing data is unproblematic, since it is added in the message envelope by CF Loggregator.
If your logging service cannot extract the information from the envelope, you can bring back the old behaviour with the example configuration given in the Wiki article on Writing Application Logs.
What's Changed
- Add support for W3C traceparent HTTP header by @KarstenSchnitter in #139
- Introduce JHM Benchmarking for Log Backends by @KarstenSchnitter in #137
- Refactor Logback Log Generation by @KarstenSchnitter in #140
- Refactor json generation log4j2 by @KarstenSchnitter in #142
Full Changelog: v3.5.7...v3.6.0
Contributors
Assets 2
v3.5.7
This is a bugfix release for #135.
What's Changed
- #135 Fix UOE when using Custom Fields by @KarstenSchnitter in #136
- Fix typo and formatting by @TimGerlach in #134
New Contributors
- @TimGerlach made their first contribution in #134
Full Changelog: v3.5.6...v3.5.7
Contributors
Assets 2
v3.5.6
This is purely a dependency update to resolve CVE-2021-44832 and CVE-2021-42550
What's Changed
Upgraded dependencies:
- log4j2 2.17.1 (resolve CVE-2021-44832)
- logback 1.2.10 (resolve CVE-2021-42550)
- jackson-jr 2.13.1
- junit 4.13.2
- spring-boot 2.6.1
Full Changelog: v3.5.5...v3.5.6
v3.5.5
-Plog4j2 by replacing the Spring Boot provided log4j version with 2.17.0.
What's Changed
Full Changelog: v3.5.4...v3.5.5
v3.5.4
What's Changed
- #123 Upgrade of 3rd party dependencies new versions
- log4j 2.16.0
- slf4j 1.7.32
- logback 1.7.32
- jackson-jr 2.13.0
- jackson-databind 2.13.0 (servlet)
- java-jwt 3.18.2 (servlet)
- spring-boot 2.6.1 (sample app)
- jetty 9.4.44.v20210927 (test only)
- #126 Fix invalid JSON format generated with cf-java-logging-support-log4j2 as described in #124
Full Changelog: v3.5.3...v3.5.4
v3.5.3
of a vulnerable dependency into your application. Make sure to check your dependency
configuration, that you only use fixed Log4j2 versions (>=2.5.0).
With this release we start introduction of features, that reduce the amount of superfluous information.
The goal is the reduction of message size. As a first step, the library will by default no longer emit fields, that contain the default value, e.g. "-" for strings. This feature can be disabled.
What's Changed
Full Changelog: v3.5.2...v3.5.3
v3.5.2
This release adds support for additional headers in the generated request logs. The new headers improve debugging scenarios when reverse proxies are used to forward requests. In addition to the already support header "x-forwarded-for" three additional headers are added: "x-forwarded-host", "x-forwarded-proto" and "x-custom-host". Furthermore, support for SSL validation headers as issued by HA-Proxy were added: "x-ssl-client", "x-ssl-client-verify", "x-ssl-client-subject-dn", "x-ssl-client-subject-cn", "x-ssl-client-issuer-dn", "x-ssl-client-notbefore", "x-ssl-client-notafter" and "x-ssl-client-session-id". To enable logging of these "x-ssl-*" headers the environment variable "LOG_SSL_HEADERS" needs to be set to "true".
Detailed changes are:
- #119 Support of reverse proxy headers
- upgrade Spring Boot version of sample app to 2.5.3
v3.5.1
This release removes a long standing side-effect in the servlet instrumentation: When a user sets a log field, that is auto-filled from some http header, e.g. tenant_id, the user-provided value may get overwritten or deleted during generation of the request log. This behaviour is now removed. Http headers are only propagated to log fields in the AddHttpHeadersToLogContextFilter, which is part of RequestLoggingFilter and StaticLevelRequestLoggingFilter.
Detailed changes are:
v3.5.0
This release switches the shipment channel for custom metrics. They are now send as JSON-formatted log messages over stdout. Previously they were send over an HTTP endpoint. This feature has been removed. Metrics are still only emitted, when the app is bound to a services named "application-logs". See the documentation for details.
Detailed changes are:
- #109 new shipment channel of custom metrics as log messages
- #108 upgrade Jetty version used in tests to 9.4.41.v20210516
- #106 upgrade httpclient version used in tests to 4.5.13
- upgrade Spring Boot version of sample app to 2.3.12.RELEASE
Note, that there were updates to the licensing and contribution documentation, to align with the SAP organization.
v3.4.0
This release brings a new sample app based on Spring Boot. Several security updates are included, one of which required an update of the Java Servlet API to version 3.1.0. Note, the submodule cf-java-logging-support-jersey is now deprecated to be removed latest with version 4 of this library.
Detailed changes are:
- #87 upgrade Jetty version used in test to 9.4.35.v20201120
- includes upgrade of servlet-api to 3.1.0
- #94 new Spring Boot sample app
- #96 upgrade jackson-databind to 2.10.5.1
- #97 improve
TimestampConverterfor logback, thanks @rahuldeepattri - #98 deprecate cf-java-logging-support-jersey
- #101 improve timestamp handling in
RequestRecord