Logback VS Spring Boot

Java -> Logback, Log4j2, JDK (Java Util Logging), Slf4j, e.t.c.

This is a GitHub link to my demo app. It’s simple Spring Boot web app used to debugging various stuff. There are many ways to configure JSON logging in Spring Boot. I decided to use Logback because it is easy to configure and one of the most widely used logging library in the Java Community. To enable JSON logging we need to add below dependencies.

Logback(https://logback.qos.ch/) is another non-commercial Java logging framework. It labels itself as a successor to the previously discussed Log4j framework.

> Then apache decides to put new people on log4j, do a backward incompatible v2 design that nevertheless is worse than slf4j. Why?

slf4j itself isn't a logging framework. It's a facade to logging frameworks.

Simple Logging Facade for Java ( https://www.slf4j.org )

It needs a logging framework behind it - log4j, log4j2, logback, commons, JUL.

The question is "why do log4j2?"

Logback went from the log4j1.x path ( https://logback.qos.ch )

Log4j2 has a lot of features that weren't present when the project started ( https://en.wikipedia.org/wiki/Log4j#Apache_Log4j_2 ).

There is a licensing difference between Logback (LGPL) and Log4jx (Apache Commons).

Also, I'd like you to pay attention to the log consumer. You see, when the E2E scenario fails, it's not always obvious why. Sometimes to understand the source of the problem you have to dig into containers' logs. Thankfully the log consumer allows us to forward a container's logs to any SLF4J logger instance. In this project, containers' logs are forwarded to regular text files (you can find the Logback configuration in the repository). Though it's much better to transfer logs to external logging facility (e.g. Kibana).

This shows that the MariaDB JDBC driver uses Logback as a logging framework. Although Logback is not affected by Log4Shell, it has a related vulnerability (of much lesser severity, no need to panic) fixed in version 1.2.8 and 1.3.0-alpha11. I checked the version used by the connector and found that it used 1.3.0-alpha10. Even though Logback is included as a test dependency in the MariaDB driver, I sent a pull request on GitHub to update it. I encourage you to do the same in any open-source project you find and that includes a vulnerable dependency.

Dependencing on the project, changing the logger might range from easy peasy to a multi-week task. I'm ready to bet that in many (most?) cases, it'd actually be quite easy, so let's explore how to do it, using Logback as the target (there aren't that many alternatives actually).

behold logback doing a bunch of JNDI fixes: https://github.com/qos-ch/logback/commit/c43bd30e1092b89bb91f5fb6a28310956b3bac61

- Usually manually wired and configured vs the spring boot "starter" pattern of having libraries that automatically do some of the manual setup work for you: https://github.com/spring-projects/spring-boot/blob/main/spr...

I wish more client library sets had the feature-matrix that the pulsar one does, because in practice most end up being the same: Java supports everything because it's either built in the same codebase or is the most used client and gets the most support, while the dotnet client codebase has many feature-requests or performance improvement issues, often leading to a "third-party client" being created.

https://github.com/spring-projects/spring-boot/pull/39754/co...

If you’re currently running with an earlier version of Spring Boot, I recommend that you upgrade to Spring Boot 2.7 before migrating to Spring Boot 3.0. It minimizes compatibility issues as much as possible.

Okay, we need to build the game? No problem, we will use Spring Boot and Swing!

It's weird that some people including you directly attack my competence. As a power user you should have plenty of experience getting something to work that is not properly document, does not work how the documentation promised it to, or has weird problems on top of it. Look at idiotic things like this:

https://github.com/spring-projects/spring-boot/issues/33044

Take any similar issue and you'll see a bunch of people who try to find a solution for them because they just aren't repeatable at all. The underlying issue is the auto configuration doing things you can't follow quite properly. It's like it wasn't mean to be understood. Issues like the one I linked above also show me that the spring dev crowd also doesn't understand the ecosystem anymore. The problem is complexity and automagic.

An interested reader can decide for themselves:

https://github.com/spring-projects/spring-boot/tree/main/spr...

Explicitly decoding URL query parameters occurs less often because many frameworks, including Spring Boot, handle decoding automatically.

https://aws.amazon.com/lambda/ https://aws.amazon.com/api-gateway/ https://aws.amazon.com/serverless/sam/ https://aws.amazon.com/cloudformation/ https://aws.amazon.com/s3/ https://spring.io/projects/spring-boot https://start.spring.io