Thanks so much for responding to me, Ralph! (and promptly)
I think this is really useful information that you shared that would be a
relief to many users. Users that only use Log4j2 via Slf4j are mitigated
by this technique. That's a big deal! Most other users using Log4j2
directly would as wel
The system property blocked lookups from being processed in what I would
call “normal” logging - those using the style logger.info("Hello {}", name).
However,
if you made a call like logger.printf("Hello %s", name) lookups would not be
blocked.
If you obtained your logger with a special Logger
Hello,
I'm on the Apache Solr PMC, and I'm trying to do some due diligence on
understanding the extent to which "log4j2.formatMsgNoLookups" may or may
not be effective in mitigating certain vulnerabilities *for Solr*. Solr
recently upgraded to Log4j 2.16 but I want to validate the extent to which