[Esapi-user] log4j.xml should NOT be included in ESAPI.jar by default

Jim Manico jim.manico at owasp.org
Fri Aug 6 19:05:20 EDT 2010


This is a build error, August. None of the configuration files should be in the jar. I'll release the next RC with this fix this weekend.

- Jim

On Aug 6, 2010, at 12:21 PM, August Detlefsen <augustd at codemagi.com> wrote:

> Incuding log4j.xml within the ESAPI jar file can cause your webapp's 
> global log4j settings to be overridden with the ESAPI settings.
> 
> For example, the default ESAPI log4j.xml logs to the console instead of 
> to a file, uses a conversion pattern that doesn't include the date, etc.
> 
> I suggest that an example log4j.xml file be included with the zip 
> download, but NOT be included in the jar.
> 
> Regards,
> August
> 
> -- 
> August Detlefsen
> CEO/Web Application Architect
> CodeMagi, Inc.
> http://www.codemagi.com
> 
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user


More information about the Esapi-user mailing list