Hi Matt, On Tue, 3 Oct 2023 at 18:36, Matt Sicker <m...@musigma.org> wrote: > > I’ve had this idea for many years now, and as we get closer to 3.0, it seems > like it’s time to consider the details. We can change the default > configuration in 3.0 without being as surprising as any other version. I > think we could use this as an opportunity to demonstrate some best practices > and recommendations. For example, we could switch from PatternLayout to > JsonTemplateLayout by default to help prevent common vulnerabilities related > to log message forging (like putting a newline or similar and faking the log > output in the following line). Then there’s an option related to direct > console writing that we have disabled by default despite being benign. There > are probably other settings I haven’t considered at the moment.
I am all for setting `direct` to true by default. Besides, that is also what JAnsi 2.x does. Other possible changes: * I know we already discussed it, but can we reconsider making WARN the default status logger level in 3.x (and let's merge the properties that regulate the level of the status logger, there are at least two), * we could introduce a property that makes AsyncAppender and AsyncLoggerConfig synchronous if the logger context is AsyncLoggerContext. I really don't see why users would want to jump threads multiple times, it is probably a misconfiguration. Right now we can have an AsyncLogger, which forwards the message to AsyncLoggerConfig on a different thread, which forwards an event to AsyncAppender on another thread, which performs I/O on a third thread. Piotr
