DrDrunkenstien-10 opened a new pull request, #4103:
URL: https://github.com/apache/logging-log4j2/pull/4103

   Fixes #4051
   
   This pull request improves the Javadoc of StructuredDataMessage constructors by clarifying
   the expected format and usage of the `id` (SD-ID) and `type` (MSGID) parameters.
   
   Specifically:
   - Adds references to RFC 5424 sections for SD-ID and MSGID
   - Documents that these parameters are expected to conform to the RFC syntax
   - Clarifies that they are treated as trusted inputs (typically compile-time constants)
   - Highlights that validation/sanitization is the caller's responsibility when using untrusted input
   - Recommends using StructuredDataId instead of raw String where applicable
   
   This change is documentation-only and does not modify runtime behavior.
   
   This improvement is based on feedback from the YesWeHack bug bounty report (#YWH-PGM10209-37),
   which identified a lack of clarity in the existing documentation.
   
   ## Checklist
   
   * Base your changes on `2.x` branch if you are targeting Log4j 2; use `main` otherwise  
     - [x] Yes (based on `2.x`)
   
   * `./mvnw verify` succeeds ([the build instructions](https://logging.apache.org/log4j/2.x/development.html#building))  
     - [x] Yes
   
   * Non-trivial changes contain an entry file in the `src/changelog/.2.x.x` directory  
     - [ ] Not applicable (documentation-only change; no behavioral impact)
   
   * Tests are provided  
     - [ ] Not applicable (documentation-only change)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

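
The pull request above places validation of `id` (SD-ID) and `type` (MSGID) on the caller when the values are not compile-time constants. The following is an added example, not code from the pull request or from Log4j, of checking both against the RFC 5424 grammar before constructing the message; the class and method names are hypothetical and the sample inputs are constructed.

```java
import java.util.List;

/** Added example (not Log4j code): RFC 5424 syntax checks for SD-ID and MSGID. */
public final class Rfc5424Fields {
    private static final int MAX_LEN = 32; // SD-NAME and MSGID are both 1*32PRINTUSASCII

    private Rfc5424Fields() {}

    /** PRINTUSASCII is %d33-126: no space, no control characters, no non-ASCII. */
    private static boolean isPrintUsAscii(String s) {
        if (s == null || s.isEmpty() || s.length() > MAX_LEN) return false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c < 33 || c > 126) return false;
        }
        return true;
    }

    /** RFC 5424 section 6.2.7: MSGID = NILVALUE / 1*32PRINTUSASCII ("-" is the nil value). */
    public static String requireMsgId(String type) {
        if (!isPrintUsAscii(type)) throw new IllegalArgumentException("invalid MSGID");
        return type;
    }

    /** RFC 5424 section 6.3.2: SD-ID is an SD-NAME, which also excludes '=', ']' and '"'. */
    public static String requireSdId(String id) {
        if (!isPrintUsAscii(id) || id.indexOf('=') >= 0
                || id.indexOf(']') >= 0 || id.indexOf('"') >= 0) {
            throw new IllegalArgumentException("invalid SD-ID");
        }
        return id;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first two are valid SD-NAMEs, the rest contain
        // characters that would break the [SD-ID ...] framing of the record.
        for (String id : List.of("order@32473", "timeQuality", "evt]x", "two words", "k=v", "line\nbreak")) {
            try {
                System.out.println("accepted: " + requireSdId(id));
            } catch (IllegalArgumentException e) {
                // Replace non-printable characters before echoing the rejected value.
                System.out.println("rejected: " + id.replaceAll("[^\\x21-\\x7e]", "?"));
            }
        }
        // With log4j-api on the classpath, pass only checked values:
        //   new StructuredDataMessage(requireSdId(id), "message text", requireMsgId(type));
    }
}
```

Rejecting a non-conforming value keeps the failure visible at the call site, whereas stripping characters can silently merge distinct identifiers.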