Rippon, thank you for your comments. People do not realize this but the attack surface of JDBC connections is remarkably large and varied. Given our time constraints, we have not had the time to ascertain with 100% certitude that JDBC-based appenders do not pose a security risk. We decided not to take responsibility for potential vulnerabilities for DBAppender at the present time. This does not mean DBAppender is insecure but only that we did not have the time to perform the due diligence which is not always easy to get right. For any user wishing to use DBAppender, the code is available on GitHub and would be very easy to add under their own responsibility. Just to be clear, DBAppender is probably as secure as similar code used by thousands of projects. The question is whether that is secure enough. Some people may call this attitude lazy, paranoid or even incompetent; let them. As you can imagine, we have a lot on our plate. If you wish to influence the project roadmap, please have a look at our sponsorship options.