GitHub user rm5248 added a comment to the discussion: Threat model: how should Thread Context (MDC) keys be classified (trusted structural or untrusted content)?
The MDC is not something that I have used often, but I seem to recall reading at some point that the MDC could be used for something along the lines of HTTP headers. What would the difference between trusted and untrusted values be? If they're trusted, does that mean that we can do certain operations on them(e.g. replacement)? GitHub link: https://github.com/apache/logging-log4j2/discussions/4132#discussioncomment-17117032 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
