Re: [CVE-2018-1285] XXE vulnerability in Apache log4net

2020-06-17 Thread Dominik Psenner
An important note to make is that even if the file is loaded from a trusted source, it should reference only files that come from trusted sources. DTD statements may slip through in this consideration. Note further that "https://" is not a warranty for a trusted source, it only guarantees a secure

Re: Review request for LOG4J2-2828

2020-06-17 Thread Volkan Yazıcı
Okay, I understand. I've cherry-picked the fix onto release-2.x. On Wed, Jun 17, 2020 at 5:37 PM Ralph Goers wrote: > > Please remember that, when appropriate, bug fixes should also be applied to the > release-2.x branch (and vice-versa). I typically try to cherry-pick the > commits but that doe

Re: How to handle stack trace serialization errors

2020-06-17 Thread Ralph Goers
Stacktraces need to provide value, otherwise they just waste log space. So whether or not a stack trace should be printed should be based on whether it is going to provide value or not. Otherwise, just logging the exception message and class would be fine. Remember, the original message was goi

Re: Review request for LOG4J2-2828

2020-06-17 Thread Ralph Goers
Please remember that, when appropriate, bug fixes should also be applied to the release-2.x branch (and vice-versa). I typically try to cherry-pick the commits but that doesn't always work. Ralph > On Jun 17, 2020, at 3:44 AM, Volkan Yazıcı wrote: > > One more "blocker" is down. > Changes are

Re: [CVE-2018-1285] XXE vulnerability in Apache log4net

2020-06-17 Thread Matt Sicker
It's not an issue if the config file is a trusted source. It's generally not a good idea to do that in the first place, either. On Wed, 17 Jun 2020 at 09:56, Venkamsetty, VenkataRao wrote: > > Why is this an issue if the configuration file is loaded from a trusted source? > > On 2020/05/25 16:28:20

Re: [CVE-2018-1285] XXE vulnerability in Apache log4net

2020-06-17 Thread Venkamsetty, VenkataRao
Why is this an issue if the configuration file is loaded from a trusted source? On 2020/05/25 16:28:20, Suthish Nair wrote: > Hi, > > Good Day! > > Is there any mitigation or vulnerability fix available for .NET Core > frameworks? > > Please let me know. > > Regards > Suthish

How to handle stack trace serialization errors

2020-06-17 Thread Volkan Yazıcı
Hello, Yesterday I was paged by a colleague for a really strange logging behaviour on production. The logging stops working after 15m-2h. Diving into Tomcat catalina logs pointed out that there is a particular exception whose Throwable#printStackTrace(PrintWriter) method is throwing an exception --

Re: Removal of log4j-layout-jackson-* modules

2020-06-17 Thread Matt Sicker
By the way, if you were suggesting to rename the branch to release-3.x for symmetry or anything, that’d be fine. I mostly meant we don’t need a third main branch. On Wed, Jun 17, 2020 at 04:20 Volkan Yazıcı wrote: > Not really, since > > 1. I cannot do anything for YAML and XML layouts, obviousl

Re: Review request for LOG4J2-2828

2020-06-17 Thread Volkan Yazıcı
One more "blocker" is down. Changes are merged to master. Thanks to @Remko for the review. On Wed, Jun 17, 2020 at 10:29 AM Volkan Yazıcı wrote: > > Hello, > > I've pushed a fix[1] for LOG4J2-2828[2]. Would somebody mind reviewing > it, please? > > Cheers! > > [1] https://github.com/apache/loggin

Re: Removal of log4j-layout-jackson-* modules

2020-06-17 Thread Volkan Yazıcı
Not really, since 1. I cannot do anything for YAML and XML layouts, obviously. 2. JsonLayout can leverage JsonTemplateLayout with the exception of stack traces, since Jackson serializes `Throwable`s "as is" with nested `StackTraceElement`s, which is, IMHO, pretty unconventional and I pre

Re: Merging JsonTemplateLayout to release-2.x branch

2020-06-17 Thread Volkan Yazıcı
Okay, I prefer to have (and will be waiting for) your green light before merging my changes to the release-2.x branch. On Mon, Jun 15, 2020 at 11:47 PM Ralph Goers wrote: > > I have no objection, but I still need to validate the changes you have made > in "Logging in the Cloud" against the way it wa

Review request for LOG4J2-2828

2020-06-17 Thread Volkan Yazıcı
Hello, I've pushed a fix[1] for LOG4J2-2828[2]. Would somebody mind reviewing it, please? Cheers! [1] https://github.com/apache/logging-log4j2/pull/364 [2] https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2828