boulder

Commit Graph

Author	SHA1	Message	Date
Aaron Gable	eda6e4cb4a	Update OTel dependencies to latest (#7206 ) This resolves https://github.com/advisories/GHSA-8pgv-569h-w5rw and https://github.com/advisories/GHSA-rcjv-mgp8-qvmr, both DoS attacks via metric cardinality explosion in the default OTel http and gRPC middleware.	2023-12-13 09:33:39 -05:00
Aaron Gable	b55499f2d8	Update golang.org/x/ deps to tagged versions (#6596 )	2023-01-23 12:34:06 -05:00
Jacob Hoffman-Andrews	dd1c52573e	log: allow logging to stdout/stderr instead of syslog (#6307 ) Right now, Boulder expects to be able to connect to syslog, and panics if it's not available. We'd like to be able to log to stdout/stderr as a replacement for syslog. - Add a detailed timestamp (down to microseconds, same as we collect in prod via syslog). - Remove the escape codes for colorizing output. - Report the severity level numerically rather than with a letter prefix. Add locking for stdout/stderr and syslog logs. Neither the [syslog] package nor the [os] package document concurrency-safety, and the Go rule is: if it's not documented to be concurrent-safe, it's not. Notably the [log.Logger] package is documented to be concurrent-safe, and a look at its implementation shows it uses a Mutex internally. Remove places that use the singleton `blog.Get()`, and instead pass through a logger from main in all the places that need it. [syslog]: https://pkg.go.dev/log/syslog [os]: https://pkg.go.dev/os [log.Logger]: https://pkg.go.dev/log#Logger	2022-08-29 06:19:22 -07:00

Author

SHA1

Message

Date

Aaron Gable

eda6e4cb4a

Update OTel dependencies to latest (#7206 )

This resolves https://github.com/advisories/GHSA-8pgv-569h-w5rw and
https://github.com/advisories/GHSA-rcjv-mgp8-qvmr, both DoS attacks via
metric cardinality explosion in the default OTel http and gRPC
middleware.

2023-12-13 09:33:39 -05:00

Aaron Gable

b55499f2d8

Update golang.org/x/ deps to tagged versions (#6596 )

2023-01-23 12:34:06 -05:00

Jacob Hoffman-Andrews

dd1c52573e

log: allow logging to stdout/stderr instead of syslog (#6307 )

Right now, Boulder expects to be able to connect to syslog, and panics
if it's not available. We'd like to be able to log to stdout/stderr as a
replacement for syslog.

- Add a detailed timestamp (down to microseconds, same as we collect in
prod via syslog).
- Remove the escape codes for colorizing output.
- Report the severity level numerically rather than with a letter prefix.

Add locking for stdout/stderr and syslog logs. Neither the [syslog] package
nor the [os] package document concurrency-safety, and the Go rule is: if
it's not documented to be concurrent-safe, it's not. Notably the [log.Logger]
package is documented to be concurrent-safe, and a look at its implementation
shows it uses a Mutex internally.

Remove places that use the singleton `blog.Get()`, and instead pass through
a logger from main in all the places that need it.

[syslog]: https://pkg.go.dev/log/syslog
[os]: https://pkg.go.dev/os
[log.Logger]: https://pkg.go.dev/log#Logger

2022-08-29 06:19:22 -07:00

3 Commits