Merge branch 'main' into StartDispatcher

Author: PeterTeunissen

.github/PULL_REQUEST_TEMPLATE/pr_template.md

@@ -0,0 +1,32 @@
+---
+name: Pull Request Template
+about: Create a Pull Request to contribute to the SDK
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Description of PR
+
+Provide the **context and motivation** for this PR. 
+Briefly explain the **type of changes** (bug fix, feature request, doc update, etc.) made in this PR. Provide reference to issue # fixed, if applicable.
+
+Describe the approach to the solution, the changes made, and any resulting change in behavior or impact to the user.
+
+## Testing the changes
+
+Please ensure tests are added for your changes.
+Include details of **types of tests** written for the changes in the PR and any **test setup and configuration** required to run the tests.
+Mention the **versions of the SDK, language runtime, OS and details of Splunk deployment** used in testing.
+
+## Documentation
+
+Please ensure **comments** are added for your changes and any **relevant docs** (readme, reference docs, etc.) are updated.
+Include any references to documentation related to the changes.
+
+## Dependencies and other resources
+
+Provide references to PRs or things **dependent on this change** and any relevant PRs or resources like style guides and tools used in this PR. 
+
+

.gitignore

@@ -3,6 +3,7 @@
 .idea
 target
 .vscode
+.factorypath
 *.iml
 pom.xml.old
 pom.xml.orig

CHANGELOG.md

@@ -1,5 +1,65 @@
 # Splunk Logging for Java Changelog
 
+## Version 1.11.5
+
+### Critical Security Update
+* Bump Log4J version to latest 2.17.2 @see [CVE-2021-44832 Log4j<2.17.1](https://nvd.nist.gov/vuln/detail/CVE-2021-44832)
+* Bump Logback version to latest 1.2.11 @see [CVE-2021-42550 Logback<1.2.8](https://nvd.nist.gov/vuln/detail/CVE-2021-42550)
+
+### Enhancements
+* Added StandardErrorCallback class. Register ErrorCallback implementations via logback or log4j xml config. (PR [#215](https://github.com/splunk/splunk-library-javalogging/pull/215))
+  * ErrorCallback class used to handle error other than Server errors.
+
+### Minor Changes
+* Bump org.slf4j:slf4j-api version to latest [1.7.36](https://github.com/qos-ch/slf4j/releases/tag/v_1.7.36)
+* Bump com.squareup.okhttp3:okhttp to latest [4.9.3](https://square.github.io/okhttp/changelogs/changelog_4x/#version-493)
+* Bump com.google.code.gson:gson to latest [2.9.0](https://github.com/google/gson/releases/tag/gson-parent-2.9.0)
+* Flush HttpClient after flushing appenders. (PR [#207](https://github.com/splunk/splunk-library-javalogging/pull/207))
+* Timeout settings modified for OKHttpClient. (PR [#199](https://github.com/splunk/splunk-library-javalogging/pull/199))
+* Default behavior of Splunk event header & body are reverted back to v1.7.3. (PR [#198](https://github.com/splunk/splunk-library-javalogging/pull/198))
+
+## Version 1.11.4
+
+### Critical Security Update
+* Update Logback to version 1.2.9 per CVE-2021-42550.
+
+## Version 1.11.3
+
+### Critical Security Update
+* Upgrade Log4J again v2.17.0 related to CVE-2021-45046 & CVE-2021-44228
+
+## Version 1.11.2
+
+### Critical Security Update
+* Upgrading log4J to 2.16 per CVE-2021-45046.
+
+## Version 1.11.1
+
+### Critical Security Update
+* Upgrading log4J to 2.15 per CVE-2021-44228. [PR](https://github.com/splunk/splunk-library-javalogging/pull/222)
+
+## Version 1.11.0
+
+### Minor Changes
+* Added a parameter to set await termination timeout. [PR](https://github.com/splunk/splunk-library-javalogging/pull/179)
+
+## Version 1.10.0
+
+### Bug Fixes
+
+* Fixed issue causing delayed time when using AsyncAppender (GitHub issue [#186](https://github.com/splunk/splunk-javascript-logging/issues/186))
+  * Now the timestamp is being recorded at the time when log event "occurs" instead of the time when log event is being "sent"
+
+### Minor Changes
+
+* Updated the project to use make conventions to spin up local dockerized instances.
+* Upgrade version of okhttp to 4.9.1.
+* Upgrade version of slf4j to 1.7.30.
+* Upgrade version of gson to 2.8.7.
+* Upgrade version of junit to 4.13.2.
+* Upgrade version of commons to 3.12.
+
+ 
 ## Version 1.9.0
 
 * Resolve an issue with TcpAppender losing events when busy (@avdv)

README.md

@@ -1,6 +1,6 @@
 # Splunk Logging for Java
 
-#### Version 1.9.0
+#### Version 1.11.5
 
 Splunk logging for Java enables you to log events to HTTP Event Collector or to a TCP input on a Splunk Enterprise instance within your Java applications. You can use three major Java logging frameworks: [Logback](http://logback.qos.ch), [Log4j 2](http://logging.apache.org/log4j/2.x/), and [java.util.logging](https://docs.oracle.com/javase/7/docs/api/java/util/logging/package-summary.html). Splunk logging for Java is also enabled for [Simple Logging Facade for Java (SLF4J)](http://www.slf4j.org).
 
@@ -24,18 +24,18 @@ Here's what you need to get going with Splunk logging for Java.
 
 If you haven't already installed Splunk, download it
 [here](http://www.splunk.com/download). For more about installing and running
-Splunk and system requirements, see [Installing & Running Splunk](http://dev.splunk.com/view/SP-CAAADRV). Splunk logging for Java is tested with Splunk Enterprise 7.0 and 7.2.
+Splunk and system requirements, see [Installing & Running Splunk](http://dev.splunk.com/view/SP-CAAADRV). Splunk logging for Java is tested with Splunk Enterprise 8.0 and 8.2.0.
 
-#### Java 
+#### Java
 
 You'll need Java version 8 or higher, from [OpenJDK](https://openjdk.java.net) or [Oracle](https://www.oracle.com/technetwork/java).
 
 #### Logging frameworks
 
 If you're using the Log4j 2, Simple Logging Facade for Java (SLF4J), or Logback logging frameworks in conjunction with Splunk logging for Java there are additional compatibility requirements. For more about logging framework requirements, see [Enable logging to HEC](https://dev.splunk.com/enterprise/docs/devtools/java/logging-java/howtouseloggingjava/enableloghttpjava/) and [Enable logging to TCP inputs](https://dev.splunk.com/enterprise/docs/devtools/java/logging-java/howtouseloggingjava/enablelogtcpjava). These frameworks require:
-* Log4j version 2.12.1
-* SLF4J version 1.7.29
-* Logback version 1.2.3
+* Log4j version 2.17.2
+* SLF4J version 1.7.36
+* Logback version 1.2.11
 
 ## Documentation and resources
 
@@ -51,6 +51,43 @@ If you're using the Log4j 2, Simple Logging Facade for Java (SLF4J), or Logback
 * For more about about Splunk in general, see
   [Splunk>Docs](http://docs.splunk.com/Documentation/Splunk).
 
+## Dependency Management
+
+The `splunk-library-javalogging` artifact can be accessed via Splunk's managed Maven repoitory.
+
+### Apache Maven
+
+First define the repository as follows
+
+```xml
+...
+  <repositories>
+    <repository>
+        <id>splunk-artifactory</id>
+        <name>Splunk Releases</name>
+        <url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
+    </repository>
+  </repositories>
+...
+```
+
+... then reference the dependency as follows
+
+```xml
+...
+  <dependencies>
+    <dependency>
+      <groupId>com.splunk.logging</groupId>
+      <artifactId>splunk-library-javalogging</artifactId>
+      <version>${latest.version}</version>
+    </dependency>
+    ...
+  </dependencies>
+...
+```
+
+The above can be adapted to suit Other dependency management implementations as necessary.
+
 ## License
 
 Splunk logging for Java is licensed under the Apache License 2.0.
@@ -78,4 +115,4 @@ You can [contact support][contact] if you have Splunk related questions.
 
 You can reach the Dev Platform team at [devinfo@splunk.com](mailto:devinfo@splunk.com).
 
-[contact]:                  https://www.splunk.com/en_us/support-and-services.html
+[contact]:                  https://www.splunk.com/en_us/support-and-services.html

pom.xml

@@ -1,24 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>com.splunk.logging</groupId>
     <artifactId>splunk-library-javalogging</artifactId>
-    <version>1.9.0</version>
+
+    <version>1.11.5</version>
+
     <packaging>jar</packaging>
 
     <name>Splunk Logging for Java</name>
-    <url>http://dev.splunk.com/goto/sdk-slj</url>
+    <url>https://dev.splunk.com/goto/sdk-slj</url>
 
-    <description>Library for structured, semantic logging of Common Information Model compliant events, meant for use
-        with SLF4J.
+    <description>
+        Library for structured, semantic logging of Common Information Model compliant events, meant for use with SLF4J.
     </description>
 
     <properties>
         <maven.resources.overwrite>true</maven.resources.overwrite>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+        <!-- CVE-2021-44228: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -->
+        <!-- CVE-2021-45046: https://nvd.nist.gov/vuln/detail/CVE-2021-45046 -->
+        <!-- CVE-2021-45105 (Log4j<2.17.0): https://nvd.nist.gov/vuln/detail/CVE-2021-45105 -->
+        <!-- CVE-2021-44832 (Log4j<2.17.1): https://nvd.nist.gov/vuln/detail/CVE-2021-44832 -->
+        <log4j2.version>2.17.2</log4j2.version>
+        
+        <!-- CVE-2021-42550: https://nvd.nist.gov/vuln/detail/CVE-2021-42550 -->
+        <logback.version>1.2.11</logback.version>
     </properties>
     <profiles>
         <profile>
@@ -93,7 +103,9 @@
                             <execution>
                                 <id>attach-javadocs</id>
                                 <configuration>
-                                    <additionalOptions>-Xdoclint:syntax</additionalOptions>
+                                    <additionalOptions>
+                                        <additionalOption>-Xdoclint:syntax</additionalOption>
+                                    </additionalOptions>
                                 </configuration>
                                 <goals>
                                     <goal>jar</goal>
@@ -183,46 +195,46 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.30</version>
+            <version>1.7.36</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.3</version>
+            <version>${logback.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
-            <version>1.2.3</version>
+            <version>${logback.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-access</artifactId>
-            <version>1.2.3</version>
+            <version>${logback.version}</version>
             <scope>provided</scope>
         </dependency>
 
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>4.9.1</version>
+            <version>4.9.3</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
             <scope>provided</scope>
-            <version>2.14.1</version>
+            <version>${log4j2.version}</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
             <scope>provided</scope>
-            <version>2.14.1</version>
+            <version>${log4j2.version}</version>
         </dependency>
 
         <dependency>
@@ -235,7 +247,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.7</version>
+            <version>2.9.0</version>
         </dependency>
 
         <dependency>
@@ -283,7 +295,9 @@
                         </goals>
                         <configuration>
                             <source>8</source>
-                            <additionalOptions>-Xdoclint:syntax</additionalOptions>
+                            <additionalOptions>
+                                <additionalOption>-Xdoclint:syntax</additionalOption>
+                            </additionalOptions>
                         </configuration>
                     </execution>
                 </executions>
@@ -331,4 +345,4 @@
     </scm>
 
 
-</project>
+</project>

src/main/java/com/splunk/logging/HttpEventCollectorErrorHandler.java

@@ -36,6 +36,26 @@
  */
 public class HttpEventCollectorErrorHandler {
 
+    /**
+     * Register error handler via full class name.
+     *
+     * When the class name is null or empty, null is registered to the <code>HttpEventCollectorErrorHandler</code>.
+     *
+     * @param errorCallbackClass the name of the class, for instance: <code>com.splunk.logging.util.StandardErrorCallback</code>
+     */
+    public static void registerClassName(String errorCallbackClass) {
+        if (errorCallbackClass == null || errorCallbackClass.trim().isEmpty()) {
+            HttpEventCollectorErrorHandler.onError(null);
+            return;
+        }
+        try {
+            ErrorCallback callback = (ErrorCallback) Class.forName(errorCallbackClass).newInstance();
+            HttpEventCollectorErrorHandler.onError(callback);
+        } catch (final Exception e) {
+            System.err.println("Warning: cannot create ErrorCallback instance: " + e);
+        }
+    }
+
     /**
      * This exception is passed to error callback when Splunk server replies an error
      */
@@ -100,10 +120,26 @@ public interface ErrorCallback {
     private static ErrorCallback errorCallback;
 
     /**
-     * Register error callbacks
-     * @param callback ErrorCallback
+     * Register error callbacks.
+     *
+     * @param callback ErrorCallback Only one ErrorCallback can be registered. A new one will replace the old one.
      */
     public static void onError(ErrorCallback callback) {
+        if (callback == null) {
+            logInfo("Reset ErrorCallback to null (no error handling).");
+        }
+        else {
+            logInfo("Register ErrorCallback implementation: " + callback);
+            // onError() is called multiple times in unit tests and is also replaced intentionally.
+            // Issue a warning when it is replaced by a different kind of handler.
+            if (errorCallback != null && !errorCallback.equals(callback)) {
+                logWarn("ErrorCallback instance of '"
+                    + errorCallback.getClass().getName()
+                    + "' will be replaced by handler instance of '"
+                    + callback.getClass().getName()
+                    + "'");
+            }
+        }
         errorCallback = callback;
     }
 
@@ -117,4 +153,11 @@ public static void error(final List<HttpEventCollectorEventInfo> data, final Exc
             errorCallback.error(data, ex);
         }
     }
+
+    private static void logInfo(String message) {
+        System.out.println("Info: " + message);
+    }
+    private static void logWarn(String message) {
+        System.out.println("Warning: " + message);
+    }
 }