Mikael Ståldal created LOG4J2-1958:
--------------------------------------

             Summary: Deprecate SerializedLayout and remove it as default
                 Key: LOG4J2-1958
                 URL: https://issues.apache.org/jira/browse/LOG4J2-1958
             Project: Log4j 2
          Issue Type: Task
          Components: Appenders, Layouts
    Affects Versions: 2.8.2
            Reporter: Mikael Ståldal
            Assignee: Mikael Ståldal
             Fix For: 2.9


Due to the inherent security weakness of Java object serialization (see 
CVE-2017-5645), we should deprecate SerializedLayout and discourage its use. We 
should also remove it as the default from the appenders which currently have it:

* SocketAppender
* JmsAppender

For the time being, we can recommend using JsonLayout as a replacement.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
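
An added example, not part of the original message or the Log4j project's code: a small audit that flags appenders in a `log4j2.xml` which use SerializedLayout, either explicitly or by leaving the layout unset on the two appenders the issue names. It assumes a version in which those appenders still default to SerializedLayout (the issue lists 2.8.2 as affected) and exact-case element names; the sample configuration, host name and port are constructed.

```python
import xml.etree.ElementTree as ET

# Appenders the issue names as defaulting to SerializedLayout.
# "Socket" and "JMS" are the Log4j 2 plugin element names for them.
DEFAULTS_TO_SERIALIZED = {"Socket", "JMS"}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONFIG = """
<Configuration status="warn">
  <Appenders>
    <Socket name="implicit" host="logs.example.internal" port="4560"/>
    <Socket name="explicit" host="logs.example.internal" port="4560">
      <SerializedLayout/>
    </Socket>
    <Socket name="json" host="logs.example.internal" port="4560">
      <JsonLayout compact="true" eventEol="true"/>
    </Socket>
    <Console name="stdout">
      <PatternLayout pattern="%d %p %m%n"/>
    </Console>
  </Appenders>
</Configuration>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}Socket'."""
    return tag.rsplit("}", 1)[-1]

def audit(config_xml):
    """Return (appender name, reason) for each appender using SerializedLayout."""
    findings = []
    root = ET.fromstring(config_xml.strip())
    for section in root.iter():
        if local(section.tag) != "Appenders":
            continue
        for app in section:
            # Layout plugins are child elements whose names end in "Layout".
            layouts = [local(c.tag) for c in app if local(c.tag).endswith("Layout")]
            name = app.get("name", "?")
            if "SerializedLayout" in layouts:
                findings.append((name, "explicit SerializedLayout"))
            elif not layouts and local(app.tag) in DEFAULTS_TO_SERIALIZED:
                findings.append((name, "no layout set, default is SerializedLayout"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_CONFIG):
        print(f"{name}: {reason}")
```

The `json` appender in the sample shows the replacement the issue recommends: an explicit JsonLayout child, which the audit does not flag.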
