This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-site.git
commit fef16333e09cb4c70ef7154d720c918bfff100bb
Author: Piotr P. Karwasz <pkarwasz-git...@apache.org>
AuthorDate: Wed Aug 13 15:09:42 2025 +0200
fix: mangling -> tampering
---
_threat-model-common.adoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_threat-model-common.adoc b/_threat-model-common.adoc
index e1585b49..64baf472 100644
--- a/_threat-model-common.adoc
+++ b/_threat-model-common.adoc
@@ -60,7 +60,7 @@ Although the context map is only accessible by developers, it
has been known to
See
https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data[the
related OWASP guide] for details.
* If parameterized logging is used, the format string is **trusted**:
-** Programmers **should** use compile time constants as format strings to
prevent attackers from mangling messages.
+** Programmers **should** use compile-time constants as format strings to
prevent attackers from tampering messages.
See
https://logging.apache.org/log4j/2.x/manual/api.html#best-practice-concat[Don't
use string concatenation] for an example.
Untrusted Sources::
