
19 Jan 2022, 8:38 a.m.
Hi All,

JDBCAppender uses simple strings instead of java.sql.Statement to talk to the database. This creates a vulnerability point for SQL injection attacks.

Fixing this vulnerability in JDBCAppender (a rarely used component) in a backward compatible way would be a lot of work for very little or no benefit.

As such, I propose to remove JDBCAppender from reload4j with no replacement.

Any objections?

--
Ceki Gülcü

Sponsoring SLF4J/logback/reload4j at https://github.com/sponsors/qos-ch
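A model of the issue described in the message above, added here as an example and not code from reload4j or from the post. It uses Python's sqlite3 in place of Java/JDBC so that it runs stand-alone; the table, the SQL pattern and both sample messages are constructed for illustration.

```python
import sqlite3

# Hypothetical appender SQL pattern: %p = level, %m = log message (constructed).
SQL_PATTERN = "INSERT INTO logs (level, message) VALUES ('%p', '%m')"

# Constructed sample messages: one benign, one carrying SQL syntax.
BENIGN_WITH_QUOTE = "can't open config file"
CRAFTED = "bad'), ('INFO', 'login ok for admin"


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (level TEXT, message TEXT)")
    return db


def append_string_built(db, level, message):
    """Weak form: event fields are pasted into the SQL text itself."""
    sql = SQL_PATTERN.replace("%p", level).replace("%m", message)
    db.execute(sql)


def append_parameterized(db, level, message):
    """Hardened form: SQL text is fixed, event fields travel as bound values."""
    db.execute("INSERT INTO logs (level, message) VALUES (?, ?)", (level, message))


def rows(db):
    return db.execute("SELECT level, message FROM logs ORDER BY rowid").fetchall()


def string_built_breaks_on(message):
    """True if the string-built insert fails to parse for this message."""
    try:
        append_string_built(new_db(), "WARN", message)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    weak, safe = new_db(), new_db()
    append_string_built(weak, "WARN", CRAFTED)
    append_parameterized(safe, "WARN", CRAFTED)
    print("string-built :", rows(weak))   # two rows, one of them forged
    print("parameterized:", rows(safe))   # one row, message stored verbatim
    print("benign quote breaks string-built:", string_built_breaks_on(BENIGN_WITH_QUOTE))
```

With string-built SQL, logged text can change the statement's structure, so a log table fed this way cannot be trusted as an audit record; bound parameters keep the message as data in every case.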