ppkarwasz commented on issue #4015: URL: https://github.com/apache/logging-log4j2/issues/4015#issuecomment-3702387894
> I am not really sure if we can overload `replace` to accept both `RegexReplacement` and `RegexReplacement[]`. I don't even know how to represent this in XSD. I'm also reluctant to add more knobs to `PatternLayout`. But that is me. This is actually not so hard: if we replace the `RegexReplacement` field with `RegexReplacement[]` it will still accept 0 or 1 elements of type `RegexReplacement`. > By moving this logic to a dedicated generalized component, we can achieve > > * Garbage-free replacements > * Layout-agnostic usability > * Home for further utilities (e.g., concatenating output from multiple layouts) Replacing an already stringified log event can be dangerous, since it can break structured layouts. The problem of masking sensitive data in logs appears often in discussions (e.g. #1814 and #3152) and the usual advice is **do not log** sensitive data. More precisely you can use some static analysis tool to make sure that sensitive information is not passed to loggers. One of the available tools is Palantir's [`safe-logging`](https://github.com/palantir/safe-logging) logging API and [`baseline-error-prone`](https://github.com/palantir/baseline-error-prone) set of checks. Another alternative is to wrap sensitive strings in objects that override `toString()` with a masked form. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
