Description
Due to the inherent security weakness of Java object serialization (see https://www.owasp.org/index.php/Deserialization_of_untrusted_data), we should deprecate SerializedLayout and discourage its use. We should also remove it as the default from the appenders which currently have it:
- SocketAppender
- JmsAppender
For the time being, we can recommend using JsonLayout as a replacement.
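To illustrate the change proposed above, here is a Log4j 2 XML configuration added as an example (it is not part of the original issue or the project's own files). The appender names, host and port are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn">
  <Appenders>
    <!-- Before: no layout element, so the SocketAppender relies on its
         default layout. With SerializedLayout as that default, events go
         out as Java-serialized objects and the receiver has to
         deserialize whatever arrives on the socket. -->
    <Socket name="SerializedSocket" host="logs.example.internal" port="4560"/>

    <!-- After: the layout is stated explicitly. JsonLayout emits text,
         here one compact JSON object per line, so the receiver parses
         data instead of instantiating Java objects. -->
    <Socket name="JsonSocket" host="logs.example.internal" port="4560">
      <JsonLayout compact="true" eventEol="true" properties="true"/>
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="info">
      <!-- Only the JSON appender is wired in. -->
      <AppenderRef ref="JsonSocket"/>
    </Root>
  </Loggers>
</Configuration>
```

JsonLayout needs the Jackson libraries on the classpath, and the receiving side has to be switched to read JSON at the same time as the sender.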
Issue Links
- causes: LOG4J2-2411 error - No layout provided (Closed)
- is related to: LOG4J2-1863 Add support for filtering input in TcpSocketServer and UdpSocketServer (Closed)
- relates to:
  - LOG4J2-1986 Public API for parsing the output from JsonLayout/XmlLayout/YamlLayout into a LogEvent (Closed)
  - LOG4J2-2020 Remove default layout from KafkaAppender (Closed)