log file generated has permission issue in ^6.4.0 #1213

Closed
lakshmikanthadn opened this issue Mar 15, 2022 · 2 comments · Fixed by #1141

lakshmikanthadn commented Mar 15, 2022

The log file generated does NOT have permissions to be read by any other users/applications.
This is happening in v6.4.x but works in v6.3.0

Breaking In v6.4.x
image

Works In v6.3.x
image

Our log shipper is broken. For now we have reverted back to v6.3.0.


lamweili commented Mar 15, 2022

Security Advisory GHSA-82v2-mx6x-wq7q | CVE-2022-21704 | CWE-708

For security, the default file permission from v6.4.0 onwards has changed from 0o644 to 0o600.
It is to prevent unauthorised users from reading logs that may contain sensitive information.


In your case, the log is created by root (implies your running node is under root) and thus, only accessible by root.
Only applications using root can access it. Applications using other accounts will not be able to access it.

  1. Either run the other applications that need to read the log using the root account, or
  2. Manually specify the permission (such as 0o644) to be used through the mode options as listed in the fileAppender docs:
    const log4js = require('log4js');
    log4js.configure({
      appenders: {
        everything: { type: 'file', filename: 'all-the-logs.log', mode: 0o644 }
      },
      categories: {
        default: { appenders: [ 'everything' ], level: 'debug' }
      }
    });
    
    const logger = log4js.getLogger();
    logger.debug('I will be logged in all-the-logs.log');

lamweili added the invalid label Mar 15, 2022

lamweili commented Mar 23, 2022

This is related to #1141.

In hindsight, probably should have used 7.x.x instead to not break things for existing users who use the default file permissions.

I have updated the changelog (7010a7d) to have a more indicative warning now we are unable to go back in time.

My mistake.


For whoever might be reading this, to work around the breaking change:

  1. Either run the other applications that need to read the log using the same user account (due to 0o600), or
  2. Manually specify the permission (such as 0o644) to be used through the mode options as listed in the fileAppender docs.

lamweili changed the title from "log file generated has permssion issue in 6.4.1" to "log file generated has permission issue in ^6.4.0" Apr 26, 2022
lamweili closed this as not planned Jul 5, 2022
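
As an added example (not part of the thread and not log4js code), the Node.js sketch below creates files with the two modes discussed above, 0o644 and 0o600, plus 0o640 as an assumed narrower alternative for a log shipper that shares the file's group, and reports who can read each. It assumes a POSIX filesystem and models file creation with `fs.openSync`; the function and file names are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Describe which permission classes can read a file with the given mode bits.
function readers(mode) {
  const perm = mode & 0o777;
  return {
    octal: '0o' + perm.toString(8).padStart(3, '0'),
    owner: (perm & 0o400) !== 0,
    group: (perm & 0o040) !== 0,
    other: (perm & 0o004) !== 0,
  };
}

// Open a file for append with a creation mode, write one constructed line,
// then report the permissions actually on disk. The mode is applied only
// when the file is created, and is masked by the process umask.
function createAndAudit(filename, mode) {
  const fd = fs.openSync(filename, 'a', mode);
  fs.writeSync(fd, 'constructed sample log line\n');
  fs.closeSync(fd);
  return readers(fs.statSync(filename).mode);
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'logperm-'));
  const oldUmask = process.umask(0o022); // common default, pinned for a repeatable result
  try {
    const results = {
      mode644: createAndAudit(path.join(dir, 'a.log'), 0o644), // default before v6.4.0
      mode600: createAndAudit(path.join(dir, 'b.log'), 0o600), // default from v6.4.0
      mode640: createAndAudit(path.join(dir, 'c.log'), 0o640), // assumption: shipper is in the file's group
    };
    // Reopening an existing 0o600 file with 0o644 does not widen its permissions.
    results.reopened = createAndAudit(path.join(dir, 'b.log'), 0o644);
    return results;
  } finally {
    process.umask(oldUmask);
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```

Because the creation mode is ignored for a file that already exists, a log first created as 0o600 keeps that permission until it is chmod-ed or recreated.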