Hi, I think that's a sensible suggestion. Those who need that functionality could always add a JDBCAppender of their own separately. /Robert -- _______________________________________ Robert Olofsson, Sweden http://www.unlogic.se On January 19, 2022 9:38:04 AM GMT+01:00, "Ceki Gülcü" <ceki@qos.ch> wrote:
Hi All,
JDBCAppender uses simple strings instead of java.sql.Statement to talk to the database. This creates a vulnerability point for SQL injection attacks.
Fixing this vulnerability in JDBCAppender (a rarely used component) in a backward compatible way would be a lot of work for very little or no benefit.
S such, I propose to remove JDBCAppender from reload4j with no replacement.
Any objections?
-- Ceki Gülcü
Sponsoring SLF4J/logback/reload4j at https://github.com/sponsors/qos-ch _______________________________________________ reload4j mailing list reload4j@qos.ch http://mailman.qos.ch/cgi-bin/mailman/listinfo/reload4j