Log4j 2 / LOG4J2-1958

Deprecate SerializedLayout and remove it as default


Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.2
    • Fix Version/s: 2.9.0
    • Component/s: Appenders, Layouts
    • Labels: None

    Description

      Due to the inherent security weakness of Java object serialization, see https://www.owasp.org/index.php/Deserialization_of_untrusted_data, we should deprecate SerializedLayout and discourage its use. We should also remove it as the default from the appenders which currently have it:

      • SocketAppender
      • JmsAppender

      For the time being, we can recommend using JsonLayout as a replacement.
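
A Log4j 2 configuration reflecting the change described above, as an added example that is not part of the original issue or the Log4j project's own files: both appenders name JsonLayout explicitly instead of relying on a default layout. The host, port, JNDI binding names and appender names are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Host, port, JNDI names and appender names are placeholders. -->
<Configuration status="warn">
  <Appenders>

    <!-- Before: an appender declared with no layout element, for example
           <Socket name="socket" host="logs.example.internal" port="4560"/>
         Per this issue, SocketAppender and JmsAppender then defaulted to
         SerializedLayout, so the receiver had to deserialize Java objects
         taken straight from the network or the queue. -->

    <!-- After: the layout is stated explicitly. compact + eventEol emit one
         JSON document per line, which suits a stream-oriented receiver. -->
    <Socket name="socketJson" host="logs.example.internal" port="4560" protocol="TCP">
      <JsonLayout compact="true" eventEol="true" properties="true"/>
    </Socket>

    <!-- Same replacement for the JMS appender; the two binding names are
         looked up through JNDI and are assumptions of this example. -->
    <JMS name="jmsJson"
         factoryBindingName="ConnectionFactory"
         destinationBindingName="logQueue">
      <JsonLayout compact="true" eventEol="true" properties="true"/>
    </JMS>

  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="socketJson"/>
      <AppenderRef ref="jmsJson"/>
    </Root>
  </Loggers>
</Configuration>
```

JsonLayout needs the Jackson libraries on the classpath, and the receiving side parses text with a JSON parser rather than reading Java objects from the stream.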

            People

              Assignee: Mikael Ståldal (mikaelstaldal)
              Reporter: Mikael Ståldal (mikaelstaldal)