Hi,

I think that's a sensible suggestion.

Those who need that functionality could always add a JDBCAppender of their own separately.

/Robert
-- _______________________________________
Robert Olofsson, Sweden

http://www.unlogic.se


On January 19, 2022 9:38:04 AM GMT+01:00, "Ceki Gülcü" <ceki@qos.ch> wrote:

Hi All,

JDBCAppender uses simple strings instead of java.sql.Statement to talk
to the database. This creates a vulnerability point for SQL injection
attacks.

Fixing this vulnerability in JDBCAppender (a rarely used component) in a
backward compatible way would be a lot of work for very little or no
benefit.

S such, I propose to remove JDBCAppender from reload4j with no replacement.

Any objections?

-- 
Ceki Gülcü

Sponsoring SLF4J/logback/reload4j at https://github.com/sponsors/qos-ch
reload4j mailing list
reload4j@qos.ch
http://mailman.qos.ch/cgi-bin/mailman/listinfo/reload4j