This isn't because Log4j is doing anything wrong; this is because of increased scrutiny and eyeballs.
I do not envy the team having to work under this microscope :(
Conversation
Replying to
It sort of makes you wonder the value of open source source over build your own.
3
1
Replying to
Oh if you build your own you'll have worse bugs and nobody will do you the favor of finding them for you and telling you!
3
54
The argument here isn't for writing your own code but for
1
2
90% of what those libraries implement should be provided by a logging service. Logging services are an isolated process providing the same functionality for all kinds of different services. They're far more widely used than a third party library for a specific language ecosystem.
1
1
For system administration, each server application bringing their own logging infrastructure as a library would be pretty terrible.
java.util.logging grabs class/method name for you, has a lambda syntax for lazy evaluation and structured exceptions / formatting if you want it.
1
java.util.logging is missing some convenience methods and needs to be configured to use system logging in a structured way rather than stderr. A tiny third party library setting that up nicely would be nice.
It's so weird the Java ecosystem has such a mess for logging instead.
1
1
1
If you need high throughput by avoiding fetching class/method name or doing the string formatting you can make log records yourself. If only that library had been around from the beginning so the third party ones could just be separate frontends and backends for the same thing.