Hide Forgot
Description of problem: The thirdparty webdav-servlet-2.0.jar library which is dependency of modeshape-web-jcr-webdav contains log4j.xml which logs with TRACE level to a file with fixed path. If log4j reads this file then application logging on such level agressively consumes CPU, IO, disk space. This is very critical problem for production environments. This file shouldn't be bundled with libraries. The problem was fixed by library authors http://webdav-servlet.svn.sourceforge.net/viewvc/webdav-servlet?revision=82&view=revision but there are no further releases containing above change. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Randall Hauch <rhauch> updated the status of jira MODE-885 to Closed
Actually it is not added to BRMS as a dependency of modeshape-web-jcr-webdav - BRMS uses WebDAV in Guvnor to allow access to JCR repository by WebDAV even when used Jackrabbit. An upgrade to webdav-servlet-2.0.1.jar (instead of webdav-servlet-2.0.jar) fixes this issue.
The jboss-brms.war/WEB-INF/lib still contains webdav-servlet-2.0.jar. All distributions (deployable, deployable-ee6, standalone) are affected. The manual patch (BZ-1022758.zip) does not contain the webdav-servlet-2.0.1.jar as well.
The commit upgrading the webdav-servlet version in pom has been cherry-picked into the patch, probably just a rebuild is needed and patch instructions updated.
Changing to MODIFIED as it reflects the current state more accurately (the problem is in the build, not in the fix).
Verified that the correct version is bundled with 5.3.1.BRMS-P05.