Why Log4J2 solve Log Forging Issues?


Question over fortify scans. I  get Log Forging issues by using java.util.logger. If I change my Log implementation to Log4J2 (log4j-api-1.2.8, log4j-core-1.2.8) the log forging issues are no longer flagged by Fortify.


Can anyone tell me why this is please?


Parents Reply Children
No Data