ppkarwasz commented on issue #2100: URL: https://github.com/apache/logging-log4j2/issues/2100#issuecomment-1858540085
From the top of my head, our security model should relieve us from any responsibility for: - CRLF injections if the user uses a line-oriented tool to parse logs, - other kinds of data corruption if the user uses `PatternLayout` to generate JSON, XML or other structured formats, Attacks that require access to a configuration file should not be considered vulnerabilities. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
