Merge branch '2.x' into dependabot/maven/log4j-to-slf4j/2.x/org.slf4j-slf4j-api-2.0.17

Author: ppkarwasz

.asf.yaml

@@ -16,7 +16,7 @@
 #
 
 # `.asf.yaml` is a branch-specific YAML configuration file for Git repositories to control features such as notifications, GitHub settings, etc.
-# See its documentation for details: https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features
+# See its documentation for details: https://github.com/apache/infrastructure-asfyaml
 
 # Bare minimum `notifications` to
 #
@@ -31,12 +31,15 @@ notifications:
   pullrequests: [email protected]
   pullrequests_bot_dependabot: [email protected]
   jira_options: link label worklog
+  discussions: [email protected]
 
 github:
   description: "Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java."
   homepage: https://logging.apache.org/log4j/2.x
   features:
     issues: true
+    discussions: true
+    projects: true
   del_branch_on_merge: true
   autolink_jira:
     - LOG4J2
@@ -60,8 +63,39 @@ github:
     merge:   false
     rebase:  false
 
+  # Enforce Review-then-Commit
   protected_branches:
-    main:
-      required_signatures: true
     2.x:
+      # All commits must be signed
+      required_signatures: true
+      # All reviews must be addressed before merging
+      required_conversation_resolution: true
+      # Require checks to pass before merging
+      required_status_checks:
+        checks:
+          # The GitHub Actions app: 15368
+          - app_id: 15368
+            context: "build / build (ubuntu-latest)"
+          # The GitHub Advanced Security app: 57789
+          - app_id: 57789
+            context: "CodeQL"
+      # At least one positive review must be present
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+    main:
+      # All commits must be signed
       required_signatures: true
+      # All reviews must be addressed before merging
+      required_conversation_resolution: true
+      # Require checks to pass before merging
+      required_status_checks:
+        checks:
+          # The GitHub Actions app: 15368
+          - app_id: 15368
+            context: "build / build (ubuntu-latest)"
+          # The GitHub Advanced Security app: 57789
+          - app_id: 57789
+            context: "CodeQL"
+      # At least one positive review must be present
+      required_pull_request_reviews:
+        required_approving_review_count: 1

.cherry_picker.toml

@@ -0,0 +1,24 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+team = "apache"
+repo = "logging-log4j2"
+check_sha= "3da98f7c9de9bf4abb17e10dad678e05ab658a3a"
+fix_commit_msg = false
+default_branch = "2.x"
+require_version_in_branch_name=false
+draft_pr = true

.github/FUNDING.yml

@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+##
+# This file controls the "Sponsor" button in this repo.
+# For details see:
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
+#
+# WARNING: the `github` key accepts only 4 GitHub user ids, so we can not use this feature.
+#
+custom: "https://logging.apache.org/support.html#sponsors"
+tidelift: "maven/org.apache.logging.log4j:log4j-core"

.github/workflows/build.yaml

@@ -30,7 +30,7 @@ jobs:
 
   build:
     if: github.actor != 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0
     secrets:
       DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.DEVELOCITY_ACCESS_KEY }}
     with:
@@ -44,7 +44,7 @@ jobs:
   deploy-snapshot:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x'
-    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/12.1.0
     # Secrets for deployments
     secrets:
       NEXUS_USERNAME: ${{ secrets.NEXUS_USER }}
@@ -57,7 +57,7 @@ jobs:
   deploy-release:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && startsWith(github.ref_name, 'release/')
-    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/12.1.0
     # Secrets for deployments
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -78,7 +78,7 @@ jobs:
     needs: [ deploy-snapshot, deploy-release ]
     if: ${{ always() && (needs.deploy-snapshot.result == 'success' || needs.deploy-release.result == 'success') }}
     name: "verify-reproducibility (${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.project-version || needs.deploy-snapshot.outputs.project-version }})"
-    uses: apache/logging-parent/.github/workflows/verify-reproducibility-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/verify-reproducibility-reusable.yaml@rel/12.1.0
     with:
       nexus-url: ${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.nexus-url || 'https://repository.apache.org/content/groups/snapshots' }}
       # Encode the `runs-on` input as JSON array

.github/workflows/codeql-analysis.yaml

@@ -30,7 +30,7 @@ permissions: read-all
 jobs:
 
   analyze:
-    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/12.1.0
     with:
       java-version: |
         8

.github/workflows/deploy-site.yaml

@@ -33,7 +33,7 @@ jobs:
 
   deploy-site-stg:
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x'
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -51,7 +51,7 @@ jobs:
 
   deploy-site-pro:
     if: github.repository == 'apache/logging-log4j2' && github.ref_name == '2.x-site-pro'
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -81,7 +81,7 @@ jobs:
 
   deploy-site-rel:
     needs: export-version
-    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/deploy-site-reusable.yaml@rel/12.1.0
     # Secrets for committing the generated site
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}

.github/workflows/merge-dependabot.yaml

@@ -30,7 +30,7 @@ jobs:
 
   build:
     if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0
     secrets:
       DV_ACCESS_TOKEN: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     with:
@@ -42,7 +42,7 @@ jobs:
 
   merge-dependabot:
     needs: build
-    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.0.0
+    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.1.0
     with:
       java-version: 17
     permissions:

.gitignore

@@ -40,3 +40,5 @@ felix-cache/
 node
 node_modules
 package-lock.json
+# Maven extensions
+/.mvn/extensions.xml

log4j-1.2-api/src/main/java/org/apache/log4j/Hierarchy.java

@@ -16,6 +16,7 @@
  */
 package org.apache.log4j;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -79,10 +80,16 @@ protected Logger newLogger(final String name, final org.apache.logging.log4j.spi
     private static class PrivateLogManager extends org.apache.logging.log4j.LogManager {
         private static final String FQCN = Hierarchy.class.getName();
 
+        @SuppressFBWarnings(
+                value = "HSM_HIDING_METHOD",
+                justification = "The class is private, no confusion can arise.")
         public static LoggerContext getContext() {
             return getContext(FQCN, false);
         }
 
+        @SuppressFBWarnings(
+                value = "HSM_HIDING_METHOD",
+                justification = "The class is private, no confusion can arise.")
         public static org.apache.logging.log4j.Logger getLogger(final String name) {
             return getLogger(FQCN, name);
         }

log4j-1.2-api/src/main/java/org/apache/log4j/bridge/LogEventAdapter.java

@@ -37,7 +37,7 @@
  */
 public class LogEventAdapter extends LoggingEvent {
 
-    private static final long JVM_START_TIME = initStartTime();
+    public static final long JVM_START_TIME = initStartTime();
 
     private final LogEvent event;
 
@@ -50,7 +50,7 @@ public LogEventAdapter(final LogEvent event) {
      * elapsed since 01.01.1970.
      * @return the time when the JVM started.
      */
-    public static long getStartTime() {
+    public static long getJvmStartTime() {
         return JVM_START_TIME;
     }