You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2021/12/17 00:44:11 UTC

[GitHub] [logging-log4j2] mikkorantalainen commented on pull request #630: Log4j2 is still vulnerable and underspecified. This updates documenta…

mikkorantalainen commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-996316597


   I think InterpretedMessage would be problematic, too, because it can be understood as "message to be interpreted in the future" or "message that has already been interpreted".
   
   I think better terminology would be trustedMessage vs untrustedMessage where it would be hopefully clear that you don't put any string from incoming user input into such a parameter without suitable encoding.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org