Re: [logback-user] SMTPAppender with Amazon SES
It's most likely coming from a stack trace generated by your application. The JavaMail API is vulnerable to header injection via the Subject header, and you're probably seeing that phenomenon (though by accident).
For my own application, I wrote a subclass of SMTPAppender that truncates the Subject header at the first EOL character, which prevents this issue from occurring.
Thanks, I figured it was something like this, but I didn't realize the problem with the subject line. Would this be appropriate to file as a JIRA issue? jason -- Jason Bennett, jasonab@acm.org E pur si muove! Get Firefox! - http://getfirefox.com
Yes, please raise a jira. A fix in a guthub pull request would help too. David On 14 May 2013, at 01:46, Jason Bennett <jasonab@acm.org> wrote:
It's most likely coming from a stack trace generated by your application. The JavaMail API is vulnerable to header injection via the Subject header, and you're probably seeing that phenomenon (though by accident).
For my own application, I wrote a subclass of SMTPAppender that truncates the Subject header at the first EOL character, which prevents this issue from occurring.
Thanks, I figured it was something like this, but I didn't realize the problem with the subject line. Would this be appropriate to file as a JIRA issue?
jason
-- Jason Bennett, jasonab@acm.org E pur si muove! Get Firefox! - http://getfirefox.com _______________________________________________ Logback-user mailing list Logback-user@qos.ch http://mailman.qos.ch/mailman/listinfo/logback-user
participants (2)
-
David Roussel -
Jason Bennett