31 Aug
2010
31 Aug
'10
11:19 a.m.
Hi! It seems the Log4j XMLLayout * does not properly XML encode data it puts into the output XML. Example: 116 buf.append("\" thread=\""); 117 buf.append(event.getThreadName()); 118 buf.append("\">\r\n"); The thread name can be any string, so it can include characters like <>"/'& etc... That would break the XML. * http://logback.qos.ch/xref/ch/qos/logback/classic/log4j/XMLLayout.html same in the logback 0.9.24 David Balažic Software Engineer ComTrade HERMES SoftLab a ComTrade company HERMES SoftLab d.o.o. Litijska 51, 1000 Ljubljana Slovenia phone: +386 81 60 8937 fax: +386 1 586 52 70 david.balazic@comtrade.com www.comtrade.com/si