[Esapi-user] log4j.xml should NOT be included in ESAPI.jar by default
jim.manico at owasp.org
Fri Aug 6 19:05:20 EDT 2010
This is a build error, August. None of the configuration files should be in the jar. I'll release the next RC with this fix this weekend.
On Aug 6, 2010, at 12:21 PM, August Detlefsen <augustd at codemagi.com> wrote:
> Incuding log4j.xml within the ESAPI jar file can cause your webapp's
> global log4j settings to be overridden with the ESAPI settings.
> For example, the default ESAPI log4j.xml logs to the console instead of
> to a file, uses a conversion pattern that doesn't include the date, etc.
> I suggest that an example log4j.xml file be included with the zip
> download, but NOT be included in the jar.
> August Detlefsen
> CEO/Web Application Architect
> CodeMagi, Inc.
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
More information about the Esapi-user