The current defaults are to format timestamps using the local timezone. Since switching to the time crate to avoid unsafe code in chrono (CVE-2020-26235), a lot of users use simple_logger in scenarios where time refuses to fetch the local timezone to avoid running unsafe code (time-rs/time#293). This usually affects users running a multithreaded application, as time assumes it's safe to get the local timezone when running in a single-threaded environment where there's no risk of an environment variable being set by a different thread.
Support for UTC timestamps has been added to simple_logger, but I'm currently trying to work out the best way to safely change the default away from local timestamps in a way that doesn't risk silently changing user's logs from one timezone to another with no way to tell the difference.
If this issue is affecting you, there are a few approaches you can take:
- Upgrade to
simple_logger 2.0.0
This breaking change switches to UTC timestamps in RFC 3339 format.
- Switch the timestamp display
Use UTC via .with_utc_timestamps() like in examples/timestamps_utc.rs.
Use a static UTC offset via .with_utc_offset(...) like in examples/timestamps_utc_offset.rs.
Don't display timestamps at all via .without_timestamps() like in examples/timestamps_none.rs.
- Use the
time crate's unsafe features
Export RUSTFLAGS="--cfg unsound_local_offset" when compiling (docs).
Issues related to this are all tagged CVE-2020-26235. Tagging #51, #48, #47, #44, #43, #35.
The current defaults are to format timestamps using the local timezone. Since switching to the
timecrate to avoid unsafe code inchrono(CVE-2020-26235), a lot of users usesimple_loggerin scenarios wheretimerefuses to fetch the local timezone to avoid running unsafe code (time-rs/time#293). This usually affects users running a multithreaded application, astimeassumes it's safe to get the local timezone when running in a single-threaded environment where there's no risk of an environment variable being set by a different thread.Support for UTC timestamps has been added to
simple_logger, but I'm currently trying to work out the best way to safely change the default away from local timestamps in a way that doesn't risk silently changing user's logs from one timezone to another with no way to tell the difference.If this issue is affecting you, there are a few approaches you can take:
simple_logger2.0.0This breaking change switches to UTC timestamps in RFC 3339 format.
Use UTC via
.with_utc_timestamps()like in examples/timestamps_utc.rs.Use a static UTC offset via
.with_utc_offset(...)like in examples/timestamps_utc_offset.rs.Don't display timestamps at all via
.without_timestamps()like in examples/timestamps_none.rs.timecrate's unsafe featuresExport
RUSTFLAGS="--cfg unsound_local_offset"when compiling (docs).Issues related to this are all tagged CVE-2020-26235. Tagging #51, #48, #47, #44, #43, #35.