lpouget
(Laurent Pouget)
1
Hi,
We are using log4j2 and we were hitting the S5145 security rule.
We mitigate it by using the pattern %enc{}{CRLF} in our logging configuration but sonar doesn’t seems to see it.
Did we hit a sonar limitation or our solution doesn’t really mitigate the issue ?
Colin
(Colin)
2
Hey @lpouget
Please read this thread regarding reporting false-positives: