Oh, I did not think about that aspect. Both JsonLayout and a potential new AvroLayout (will) have external dependency.
Without external dependency, we currently have GelfLayout, PatternLayout and RFC5424Layout. GelfLayout and RFC5424Layout would be useful in some cases, but they do not have all information present in SerializedLayout and JsonLayout. RFC5424Layout and PatternLayout can be configured to include all information, but that's quite involved. On Tue, May 2, 2017 at 4:11 PM, Remko Popma <[email protected]> wrote: > What layout do we have available that does not require an external > dependency? > > On Tue, May 2, 2017 at 8:38 PM, Mikael Ståldal <[email protected]> > wrote: > > > Given the inherent security problems with Java object serialization > > (highlighted by CVE-2017-5645), I do suggest that we deprecate > > SerializedLayout and remove it as default for SocketAppender, and all > other > > appenders which currently have it as default. (We can still keep > > SerializedLayout, with a warning about security issues in documentation, > > but users will have to enable it explicitly.) > > > > Some people have missed the fact that you can configure SocketAppender > with > > another layout. > > > > I suggest we do this in the 2.9 release. > > > > I know this will break some existing configurations, but given the > security > > problems, I think that is a price we have to pay in this case. > > > > We have a JIRA ticket for a new Avro based binary layout: > > https://issues.apache.org/jira/browse/LOG4J2-1871 > > > > If we implement that in time for 2.9, we can recommend it as a > replacement > > for SerializedLayout. If not, we could recommend JsonLayout which should > > contain all necessary information. > > > > -- > > [image: MagineTV] > > > > *Mikael Ståldal* > > Senior software developer > > > > *Magine TV* > > [email protected] > > Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com > > > > Privileged and/or Confidential Information may be contained in this > > message. If you are not the addressee indicated in this message > > (or responsible for delivery of the message to such a person), you may > not > > copy or deliver this message to anyone. In such case, > > you should destroy this message and kindly notify the sender by reply > > email. > > > -- [image: MagineTV] *Mikael Ståldal* Senior software developer *Magine TV* [email protected] Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com Privileged and/or Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such a person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email.
