Hacker News
by scottlamb 1654 days ago
> I agree that the input should be sanitized but only if the formatting behavior is a bug and was not intentional.

The behavior is fundamentally wrong as explained by layer8's comment and in the blog post jcheng linked. Apparently it was intentional, and to me that's a million times worse than if it were a bug that could just be fixed.

log4j is unsuitable for use in a way that many, many people are suddenly discovering today. The log4j developers need to rethink this, and even if they do, log4j's users should still strongly consider switching to something else. Otherwise they need to audit the whole codebase for other surprising, broken, insecure design decisions not only in its present state but also on each update. I don't see how it's possible to trust the log4j developers' design sensibilities after this.

1 comments

> Apparently it was intentional, and to me that's a million times worse than if it were a bug that could just be fixed.

I've been on an 'archaeological dig' into the Log4j commit history, and sure enough, there's evidence that the formatting behavior was intentional from the outset.

My write-up is here: https://jedwidz.hashnode.dev/log4j-vulnerability-what-the-fa...