Details
-
Improvement
-
Status: Reopened
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
The recent CVE storm has proven that lookups are employed by users in many places where they shouldn't. In particular, lookups depending on LogEvent's (e.g., ctx) are honey pots for attackers and there are safer ways to expose the very same information via more native constructs, e.g., MDC accessors in PatternLayout and JsonTemplateLayout. This story aims to enrich the lookup and certain layout documentations with such best practices.
Attachments
Issue Links
- links to