Pointless complexity causes security disaster
Posted by
fschmidt on
URL: https://mikraite.arkian.net/Pointless-complexity-causes-security-disaster-tp3929.html
https://youtu.be/UhuL11JaECMhttps://youtu.be/uyq8yxWO1lsI didn't even know about this until I stumbled on the first video above today. I stopped using Log4j years ago because of its pointless complexity and bugs, and wrote
my own logger. There is no reason for a logger to do expression evaluation, it should just log strings. So of course my logger is perfectly safe.