fern
Simple, efficient logging for Rust.
fern 0.4.4, 0.5.*, 0.6.* security warning - colored
feature + global allocator
One of our downstream dependencies, atty, through colored, has an unsoundness issue: https://rustsec.org/advisories/RUSTSEC-2021-0145.html.
This shows up in one situation: if you're using colored
(the crate, or our
feature), and a custom global allocator.
I will be releasing fern
0.7.0, removing colored
as a dependency. This may
add another color crate, or may just document usage of alternatives (such as
owo-colors
+
enable-ansi-support
).
In the meantime, if you're using #[global_allocator]
, I highly recommend
removing the fern/colored
feature.
Or, for minimal code changes, you can also enable the colored/no-colors
feature:
cargo add colored --features no-color
With the no-color
feature, the vulnerable code will still be present, but
unless you use any of the following APIs manually, it will never be called:
colored::control::set_override
colored::control::unset_override
colored::control::ShouldColorize::from_env
colored::control::SHOULD_COLORIZE
(referencing thislazy_static!
variable will initialize it, running the vulnerable code)
See https://github.com/daboross/fern/issues/113 for further discussion.
Logging configuration is recursively branched, like a fern: formatting, filters, and output can be applied recursively to match increasingly specific kinds of logging. Fern provides a builder-based configuration backing for rust's standard log crate.
//! With fern, we can:
// Configure logger at runtime
new
// Perform allocation-free log formatting
.format
// Add blanket level filter -
.level
// - and per-module overrides
.level_for
// Output to stdout, files, and other Dispatch configurations
.chain
.chain
// Apply globally
.apply?;
// and log using log crate macros!
info!;
Examples of all features at the api docs. See fern in use with this example command line program.
Project Status
The fern project is primarily maintained by myself, @daboross on GitHub. It's a hobby project, but one I aim to keep at a high quality.
Contributing
As this is a hobby project, contributions are very welcome!
The easiest way for you to contribute right now is to use fern in your application, and see where it's lacking. The current library has a solid base, but it lacks features, and I may not anticipate your use cases.
If you have a use case fern does not cover, please file an issue. This is immensely useful to me, to anyone wanting to contribute to the project, and to you as well if the feature is implemented.
If you're interested in helping fix an existing issue, or an issue you just filed, help is appreciated.
See CONTRIBUTING for technical information on contributing.