GitHub user stechio added a comment to the discussion: log4j-script: what about security?
Thank you, @ppkarwasz, for the clear picture of the overall security assumptions backing the logging framework: so, to my understanding, log4j sensibly demarcates its own responsibility in the handling of log data (messages, string representation of parameters, thread contexts), whilst the safety of the execution environment and its resources is up to the administrators and application developers (trusted users) :thumbsup: (I don't have a particular use case to share, I was just contemplating the use of scripting to customize the logging configuration in a generic deployment scenario.) GitHub link: https://github.com/apache/logging-log4j2/discussions/3894#discussioncomment-14196398 ---- This is an automatically sent email for dev@logging.apache.org. To unsubscribe, please send an email to: dev-unsubscr...@logging.apache.org
