[ https://issues.apache.org/jira/browse/LOG4J2-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Volkan Yazici closed LOG4J2-3360.
---------------------------------

> Document unsafe lookup usage patterns
> -------------------------------------
>
> Key: LOG4J2-3360
> URL: https://issues.apache.org/jira/browse/LOG4J2-3360
> Project: Log4j 2
> Issue Type: Improvement
> Reporter: Volkan Yazici
> Assignee: Volkan Yazici
> Priority: Major
> Fix For: 2.17.3
>
>
> The recent CVE storm has proven that lookups are employed by users in many
> places where they shouldn't. In particular, lookups depending on
> {{LogEvent}}'s (e.g., {{ctx}}) are honey pots for attackers and there are
> safer ways to expose the very same information via more native constructs,
> e.g., MDC accessors in {{PatternLayout}} and {{JsonTemplateLayout}}. This
> story aims to enrich the lookup and certain layout documentation with such
> best practices.
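
An added example, not part of the issue or of Log4j's own code or documentation: a small Python audit that finds `ctx` lookups in the `PatternLayout` patterns of a Log4j 2 XML configuration and proposes the `%X{key}` MDC converter in their place. The sample configuration, the appender names and the function name `audit_pattern_layouts` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches ${ctx:key} and the escaped $${ctx:key} form. An optional
# ":-default" suffix is matched but kept out of the captured key.
CTX_LOOKUP = re.compile(r"\$+\{ctx:([^}:]+)(?::-[^}]*)?\}")

# Constructed sample configuration (not taken from the Log4j project).
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="unsafe">
      <PatternLayout pattern="%d [$${ctx:loginId}] %m%n"/>
    </Console>
    <Console name="safe">
      <PatternLayout pattern="%d [%X{loginId}] %m%n"/>
    </Console>
    <File name="file" fileName="app.log">
      <PatternLayout>
        <Pattern>%d ${ctx:requestId:-none} %m%n</Pattern>
      </PatternLayout>
    </File>
  </Appenders>
</Configuration>
"""

def audit_pattern_layouts(config_xml):
    """Return (appender name, original pattern, suggested pattern) per finding."""
    findings = []
    root = ET.fromstring(config_xml)
    for parent in root.iter():
        # Only layouts that are direct children, so the parent is the appender.
        for layout in parent.findall("PatternLayout"):
            patterns = [layout.get("pattern")]
            patterns += [p.text for p in layout.findall("Pattern")]
            for pattern in filter(None, patterns):
                if CTX_LOOKUP.search(pattern):
                    # %X{key} reads the same context-map entry through the
                    # layout's own converter. A ":-default" value is dropped
                    # here, so review such suggestions by hand.
                    suggested = CTX_LOOKUP.sub(r"%X{\1}", pattern)
                    findings.append(
                        (parent.get("name"), pattern.strip(), suggested.strip()))
    return findings

if __name__ == "__main__":
    for name, original, suggested in audit_pattern_layouts(SAMPLE_CONFIG):
        print(f"{name}: {original!r} -> {suggested!r}")
```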