Why Log4J2 solve Log Forging Issues?

Hello,

Question over fortify scans. I  get Log Forging issues by using java.util.logger. If I change my Log implementation to Log4J2 (log4j-api-1.2.8, log4j-core-1.2.8) the log forging issues are no longer flagged by Fortify.

 

Can anyone tell me why this is please?

Tags:

Parents Reply Children
No Data