SpringBoot Allow JoranConfigurators to be passed ahead of time in logback

Hello Spring Boot team,

I'm quite new here and I don't know what kind of checklist I need to pass prior to submitting a pull request, sorry about that.

I am trying to understand what kind of changes I am expected to do to use spring-boot 3 in my company.

Logback team has deactivated xml declaration of rules <newRule> since logback 1.3 for security purposes, so we have to do it programmatically.

SpringBootJoranConfigurator declares a limited set of rules, so I thought it would be nice to let the user provide its own JoranConfigurators ahead of time.

I need that, because I don't want some critical information to be sent in the logs messages. One of the rule we have in my company is ObfuscationRule, it is a requirement to have it in spring-boot 3.

Thank you for your help. Related issue (not from me : #24992) @philwebb would be the one-to-go developper for this item.

Comment From: mhalbritter

Thanks and congrats to your first contribution to Spring Boot!

Comment From: wilkinsona

Regrettably, upon subsequent review we've realised that we made a mistake when accepting these changes. Sorry. The changes only apply during AOT processing which is too specialised and they will also make it harder for us to offer full support for programmatic configuration of Logback in the future (#24992 and #25847). #34361 is tracking the revert which will allow us the time that we need to determine the right way forward here without backing ourselves into a corner.

Comment From: Frettman

@libetl, have you found a workaround for this issue?

Comment From: libetl

@Frettman https://libetl.wordpress.com/2022/12/31/spring-boot-3-and-logback-without-hassle/