Log4J2 2.11.0 -> Log4J2 2.17.1 upgrade - appender broken for mariaDB JDBC driver to Percona 5.7 - malformed packets - maven - solved

FYI, Log4J vulnerability starts from 2.12.0

The solution to the above post seems to be to first update the MariaDB JDBC Java client to the current stable version. In the pom.xml for Maven:

        <dependency>
            <groupId>org.mariadb.jdbc</groupId>
            <artifactId>mariadb-java-client</artifactId>
            <!--<version>1.1.8</version>-->
            <version>2.7.4</version>
        </dependency>

2.7.4 of the MariaDB-java-client is stable as of 2022-01-18.

Then add commons-dbcp version 1.4 to allow my connection factory code to work correctly. In the pom.xml:

        <dependency>
            <groupId>commons-dbcp</groupId>
            <artifactId>commons-dbcp</artifactId>
            <version>1.4</version>
            <type>jar</type>
        </dependency>

Then finally take log4j 2.11.0 up to 2.17.1. In the pom.xml:

        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
            <!--<version>2.11.0</version>-->
            <version>2.17.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-core</artifactId>
            <!--<version>2.11.0</version>-->
            <version>2.17.1</version>
        </dependency>

After doing the above the exception of

db.DbAppenderLoggingException: Failed to insert record for log event in JDBC manager: java.sql.SQLException: Malformed communication packet.

was gone and Log4J 2.17.1 is now successfully logging via the MariaDb Java client 2.7.4 to Percona (MySQL) 5.7 with commons-dbcp 1.4 to make the above Log4J connection factory code work.

EDIT: here is an alternative connection factory class for using Apache DBCP2 instead of DBCP1 to get a connection for Log4J2 via MariaDB Java client 2.7.4 to Percona 5.7:

package verishare.log4J2.utils;

import java.sql.Connection;
import java.sql.SQLException;
import javax.sql.DataSource;
import org.apache.commons.dbcp2.PoolableConnection;
import org.apache.commons.pool2.ObjectPool;
import AppSettings;

/**
 *
 * @author sv
 */
public class Log4J2GetConnection {

    private static interface Singleton {

        final Log4J2GetConnection INSTANCE = new Log4J2GetConnection();
    }

    private final DataSource dataSource;

    private Log4J2GetConnection() {
        if (AppSettings.getMySQLDataSource() == null) {
            AppSettings.resetMySQLDataSource();
        }

        String connectionString = "jdbc:mariadb://" + AppSettings.getMysqlServer() + ":" + AppSettings.getMysqlPort() + "/" + AppSettings.getMysqlDatabase();

        org.apache.commons.dbcp2.PoolingDataSource<PoolableConnection> workDataSource = null;

        try {
            org.apache.commons.dbcp2.ConnectionFactory factory = new org.apache.commons.dbcp2.DriverManagerConnectionFactory(connectionString,
                    AppSettings.getMysqlUser(), AppSettings.getMysqlPassword());
            org.apache.commons.dbcp2.PoolableConnectionFactory poolFactory = new org.apache.commons.dbcp2.PoolableConnectionFactory(factory, null);
            ObjectPool<PoolableConnection> connectionPool = new org.apache.commons.pool2.impl.GenericObjectPool<>(poolFactory);
            poolFactory.setPool(connectionPool);
            workDataSource = new org.apache.commons.dbcp2.PoolingDataSource<>(connectionPool);
        } catch (Exception ex) {
            System.out.println(("Exception in getPoolForConnection:" + ex.toString()));
        } finally {
            this.dataSource = workDataSource;
        }
    }

    public static Connection getDatabaseConnection() throws SQLException {
        return Singleton.INSTANCE.dataSource.getConnection();
    }
}

Log4J2 2.11.0 -> Log4J2 2.17.1 upgrade - appender broken for mariaDB JDBC driver to Percona 5.7 - malformed packets - maven - solved

Related

Recent Posts