GSIP 209

Mark Prins edited this page Jan 14, 2022 · 3 revisions

GSIP 209 - Replace Log4j 1.x with Logback

Overview

  • DRAFT - this is a work in progress

Proposed By

Mark Prins

Assigned to Release

This proposal is for GeoServer 2.21.

State

  • Under Discussion
  • In Progress
  • Completed
  • Rejected
  • Deferred

Motivation

Log4j 1 was announced to be End-Of-Life in 2015. Several vulnerabilities have been logged since then, though none of them affect GeoServer as shipped. GeoServer has started using a custom version with the footgun removed, but people keep raising issues (mainly because automated tools keep flagging it). Logback provides faster, memory-optimized logging functionality (compared to Log4j 1.x) with built-in SLF4J. Logback can automatically reload configuration files, which could simplify the current log configuration switching in GeoServer. Logback uses a system property to find the config file.

Proposal

  1. Replace any log4j API usage with logback functionality
  2. Translate the current logging profiles to logback configurations

Backwards Compatibility

This is a breaking change. TODO

Feedback

Voting

Project Steering Committee:

  • Alessio Fabiani:
  • Andrea Aime:
  • Ian Turton:
  • Jody Garnett:
  • Jukka Rahkonen:
  • Kevin Smith:
  • Simone Giannecchini:
  • Torben Barsballe:
  • Nuno Oliveira:

Links
