Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2022/02/14 22:33:14 UTC

[GitHub] [logging-log4j2] rgoers commented on pull request #630: Log4j2 is still vulnerable and underspecified. This updates documenta…

rgoers commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-1039639817


   1. This is a pull request not an issue. If you wanted an issue you would need to use Jira.
   2. This is not even close to being a vulnerability. In no world has a vulnerability ever been classified as one from documentation alone. 
   3. I agree there are inconsistencies in the use of "message" vs Message and I would be willing to accept a PR that just addresses that.
   4. The sentence added in caps is alarmist. We fully document that Log4j uses Message objects and that strings and objects passed in will be converted to the appropriate ones. There is no need for shouting here as that is fully expected behavior for anyone who has read the documentation.
   5. Under no circumstances would we ever rename Message to something else. That would break binary compatibility in the most horrible way.
   In short, this PR is rightfully closed as we cannot accept it as is and it is quite clear you have no desire to treat this as the minor javadoc fix it is.


-- 
This is an automated message from the Apache Git Service.