优化调整日志模块实始化逻辑并更新Log4j2版本以解决CVE-2021-44228问题

Author: suninformation

pom.xml

@@ -153,7 +153,7 @@
             <dependency>
                 <groupId>junit</groupId>
                 <artifactId>junit</artifactId>
-                <version>4.12</version>
+                <version>4.13.1</version>
                 <scope>test</scope>
             </dependency>
             <dependency>
@@ -169,7 +169,7 @@
             <dependency>
                 <groupId>commons-io</groupId>
                 <artifactId>commons-io</artifactId>
-                <version>2.5</version>
+                <version>2.7</version>
             </dependency>
             <dependency>
                 <groupId>commons-codec</groupId>
@@ -195,7 +195,7 @@
             <dependency>
                 <groupId>com.alibaba</groupId>
                 <artifactId>fastjson</artifactId>
-                <version>1.2.72</version>
+                <version>1.2.78</version>
             </dependency>
             <dependency>
                 <groupId>net.sf.ehcache</groupId>
@@ -211,12 +211,12 @@
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-api</artifactId>
-                <version>2.3</version>
+                <version>2.15.0</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-core</artifactId>
-                <version>2.3</version>
+                <version>2.15.0</version>
             </dependency>
             <dependency>
                 <groupId>org.slf4j</groupId>

ymate-platform-log/src/main/java/net/ymate/platform/log/impl/DefaultLogger.java

@@ -20,6 +20,7 @@
 import org.apache.logging.log4j.Level;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.core.LoggerContext;
 import org.apache.logging.log4j.core.config.*;
 import org.apache.logging.log4j.core.config.xml.XmlConfigurationFactory;
 
@@ -147,15 +148,18 @@ public synchronized ILogger init(ILog owner, String loggerName) throws Exception
             //
             if (!__logInited) {
                 ConfigurationSource _source = new ConfigurationSource(new FileInputStream(__owner.getModuleCfg().getConfigFile()));
-                Configurator.initialize(null, _source);
-                final Configuration _config = new DefaultConfiguration();
+                LoggerContext loggerContext = Configurator.initialize(null, _source);
                 ConfigurationFactory.setConfigurationFactory(new XmlConfigurationFactory() {
+
+                    private final Configuration _config = new DefaultConfiguration();
+
                     @Override
-                    public Configuration getConfiguration(ConfigurationSource source) {
+                    public Configuration getConfiguration(final LoggerContext loggerContext, final ConfigurationSource source) {
                         return _config;
                     }
                 });
-                ConfigurationFactory.getInstance().getConfiguration(_source);
+                ConfigurationFactory.getInstance().getConfiguration(loggerContext, _source);
+                //
                 __logInited = true;
             }
             __logger = LogManager.getLogger(StringUtils.defaultIfBlank(loggerName, __owner.getModuleCfg().getLoggerName()));