On Thu, Oct 12, 2023, at 20:44, Piotr P. Karwasz wrote:
> However we should consider properly documenting PatternLayout: there
> should be a warning reminding users that while it is technically
> possible to generate a proper JSON or XML using this layout it is not
> the suggested way.
No object

Hi Christian,
On Thu, 12 Oct 2023 at 20:11, Christian Grobmeier wrote:
> I assume we could quickly make log4j safer by adding an encoder, as suggested
> by Vladimir, so my question is, why should we not do it?
Yes, we can easily add an `outputFormat` attribute to the pattern
layout that accepts

dependabot[bot] opened a new pull request, #1:
URL: https://github.com/apache/logging-log4j-jmx-gui/pull/1
Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.0.
Release notes
Sourced from https://github.com/spotbugs/spotbugs/re

This whole problem sounds as follows:
- we don't escape because we don't think we should use a pattern layout like
this
- an attacker sends data to the log
- the log sends data to a processing system
- if this processing issue has a flaw, bad things might happen
It does not sound like a widespre

Hi Volkan,
It's not just about exchanging data between systems - that is just one
particular instance of a larger problem. If you use a pattern layout for _any_
reason, it is currently extremely inconvenient to configure securely. If you
use a structured layout, again for any reason, it's still

Hello,
I made the Jekyll branch work with the staging environment:
https://logging.staged.apache.org/
When you change something in the sources, it will be automatically deployed to
Staging.
We also have a "news section", aka blog:
https://logging.staged.apache.org/blog/
To add or change a proj