-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
log4j-core >= 2.22.0: Missing spotbugs-annotations dependency #2144
Comments
Hi @chrisribble, The dependencies on various annotation libraries are there, but they are in Maven's This scope was chosen since these libraries contain only annotations (which cause no exception at runtime if missing) and most of them has a retention of You can disable the compiler warnings with May I ask why do you need to access |
I'm calling This is not a "web" application and we also explicitly disable log4j's built-in shutdown hooks. Originally, we did this because we noticed that the built-in shutdown hook was running in parallel with our shutdown hook and resulted in non-deterministic log output (since the hooks were racing). We assumed it was important to shut down log4j and added the explicit shutdown. However, it seems like it's not really all that important to explicitly shut down log4j in this scenario, since we're just logging to the console. k8s ships our console logs for us and we aren't using async logging. In my local testing with So yeah, it seems like I can just remove this along with the explicit dependency on |
You can use
Yes, the lack of a determined order among shutdown hooks is somehow problematic. |
I think we should not tell users striving for
Agreed. This indeed appears like the best way forward. @chrisribble, since you 👍'ed this resolution, I am closing the issue. |
Sorry, you are right. The optimal solution is to spread Spotbugs usage, which has many more tests than We specifically try to describe every Spotbugs suppression, so that developers are for example aware that calling the |
Description
Commit 8996e9f added
@SuppressFBWarnings
annotations to some constructors, but the corresponding Maven dependency was not re-configured so that it would be available at compile time (at least for Gradle projects).This results in compile warnings while building code that references these classes (
org.apache.logging.log4j.core.LoggerContext
in my application).In all of my projects, I switch warnings to errors and fail the build, so this makes log4j-core >= 2.22.0 unusable without hacking my build configuration.
I suggest adding the appropriate Maven dependencies so that the annotations are added to the compile classpath in Maven/Gradle.
Adding the following dependency in Gradle is sufficient to avoid the compile warnings, but needing to do this in each of my applications/subprojects is sub-optimal.
compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3'
Configuration
Version: 2.22.0 / 2.22.1
Operating system: Linux
JDK: OpenJDK 64-Bit Server VM Temurin-17.0.8.1+1
Logs
The text was updated successfully, but these errors were encountered: