19 Jan
2022
19 Jan
'22
11:53 a.m.
On 1/19/2022 11:22 AM, Vladimir Sitnikov wrote:
There's a case when users can override JDBCAppender, and override its flushBuffer method.
So removing the class would break "drop-in replacement" I would rather suggest doing the following: 1) Throw an exception from JDBCAppender#flushBuffer unless there's reload4.appender.jdbc.allow_insecure_sql_replace=true
How do you prevent SQL injection in the first place? -- Ceki Gülcü Sponsoring SLF4J/logback/reload4j at https://github.com/sponsors/qos-ch