Skip to content

Add %kvp to default logging pattern to support SLF4J 2.x fluent key-value logging #47162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Add %kvp to default logging pattern to support SLF4J 2.x fluent key-value logging #47162

wants to merge 2 commits into from
+2 −2

Conversation

hanouard
Copy link

@hanouard hanouard commented Sep 11, 2025
edited
Loading

Description

Spring Boot 3 uses SLF4J 2.x, which introduced the fluent logging API (log.atInfo().addKeyValue(...).log(...)).
Currently, when using the default logging pattern, the key–value pairs are silently ignored because %kvp is not included in the log pattern.

This PR updates the default console and file logging pattern to append %kvp after the log message (%m).

Why

Developers using SLF4J’s fluent API expect key–value pairs to be visible without custom Logback configuration.

Aligns Spring Boot defaults with SLF4J 2.x features.

Provides more observability by making structured key–value logging visible out-of-the-box.

Changes

log.atInfo()
    .addKeyValue("userId", "42")
    .addKeyValue("action", "login")
    .log("User action performed");

Before:

2025-09-11 16:30:05.123  INFO --- [main] c.e.Demo : User action performed

After:

2025-09-11 16:30:05.123  INFO --- [main] c.e.Demo : User action performed userId="42" action="login"

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 11, 2025
@philwebb philwebb added the for: team-attention An issue we'd like other members of the team to review label Sep 11, 2025
@wilkinsona
Copy link
Member

Thanks for the proposal. We discussed this and decided that this isn't something that we want to enable by default as we think the risk of logging secret values is too high. Logback has maskedKvp for this reason.

@wilkinsona wilkinsona closed this Oct 10, 2025
@wilkinsona wilkinsona added status: declined A suggestion or change that we don't feel we should currently apply and removed for: team-attention An issue we'd like other members of the team to review status: waiting-for-triage An issue we've not yet triaged labels Oct 10, 2025
@hanouard
Copy link
Author

Hello @wilkinsona, I do understand that's always risky to log passwords. But Isn't the responsability of the developer to make sure that no sensitive data is logged using the fluent api or classic one?

@wilkinsona
Copy link
Member

We don't think it's solely the responsibility of the developer and that we can help by picking defaults that minimise the risks when a mistake is made. We feel it's too much to include them in console logging by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status: declined A suggestion or change that we don't feel we should currently apply
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hanouard @wilkinsona @philwebb @spring-projects-issues