ppkarwasz commented on PR #1441:
URL: https://github.com/apache/logging-log4j2/pull/1441#issuecomment-1518513783
@krallus,
thanks for the PR. This is a very old outstanding bug (cf.
[LOG4J2-170](https://issues.apache.org/jira/browse/LOG4J2-170)).
Actually the `main` branch has
krallus opened a new pull request, #1441:
URL: https://github.com/apache/logging-log4j2/pull/1441
While certainly not a complete addition of all missing appenders, or all of
the possible configuration of those appenders, I added some of the more common
ones that I use, including: ScriptAppe
swebb2066 merged PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr
swebb2066 commented on PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204#issuecomment-1518449626
I will start a new PR for the bound parameter change.
Does this vunerability need to be reported?
--
This is an automated message from the Apache Git Service.
To respond t
rm5248 commented on PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204#issuecomment-1518446104
If we want to be fancy we could do something like what log4j2 does as well,
and increment the column number whenever we see the param, so the XML would
instead look like:
```
rm5248 commented on PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204#issuecomment-1518445521
My assumption was that the bug that you saw was that the SQL statement was
not parsed correctly when you had a `'` character in the log message, since
that delineates a string.
swebb2066 commented on PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204#issuecomment-1518430146
1) This was inteneded as a bug fix, not to prevent a SQL an injection
attack. Was it a vunerability?
2) Thanks for the ABI fix - I was wondering what it was.
--
This is a
ppkarwasz commented on PR #11:
URL: https://github.com/apache/logging-parent/pull/11#issuecomment-1518273889
Version 2.31 is the last one that uses Java 8 bytecode.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
U
dependabot[bot] opened a new pull request, #11:
URL: https://github.com/apache/logging-parent/pull/11
Bumps [spotless-maven-plugin](https://github.com/diffplug/spotless) from
2.30.0 to 2.36.0.
Changelog
Sourced from https://github.com/diffplug/spotless/blob/main/CHANGES.md";>spotle
ppkarwasz merged PR #10:
URL: https://github.com/apache/logging-parent/pull/10
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...
vy commented on code in PR #1401:
URL: https://github.com/apache/logging-log4j2/pull/1401#discussion_r1173939775
##
log4j-api/src/main/java/org/apache/logging/log4j/spi/AbstractLogger.java:
##
@@ -2762,12 +2746,8 @@ public LogBuilder atLevel(final Level level) {
* @since 2
rm5248 commented on PR #204:
URL: https://github.com/apache/logging-log4cxx/pull/204#issuecomment-1517827299
Two things:
1. If this is to prevent SQL injection, shouldn't we use bound parameters
instead?
2. It looks like the ABI broke; I suspect that this is because
`IMPLEMENT_LOG4CXX
github-actions[bot] merged PR #1440:
URL: https://github.com/apache/logging-log4j2/pull/1440
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificatio
13 matches
Mail list logo