  1. Dev - Nexus Repo
  2. NEXUS-30845

request log scanner for log4j visualizer may discard IO exceptions instead of logging them

    Details

    • Story Points:
      1
    • Sprint:
      NXRM MadMax Sprint 25, NXRM MadMax Sprint 26
    • Notability:
      2
    • InvestmentLayer:
      support-escalated
    • Aha Concept:
      non-concept

      Description

      The Log4j visualizer scans request log files for patterns matching vulnerable components. When an IO exception is encountered while parsing a log file, the exception is discarded and not logged.

      Expected

      Always log exception details. In this case at DEBUG level, include the Exception message and at TRACE level include the full stack trace.
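
      An added sketch of the expected behaviour, not Nexus Repository code: a scanner that keeps going when a request log cannot be read, but records the failure at DEBUG (message) or TRACE (full stack trace). It assumes SLF4J; the class name, method name and match pattern are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical scanner; names and pattern are illustrative, not the product's own. */
public class RequestLogScanner {
  private static final Logger log = LoggerFactory.getLogger(RequestLogScanner.class);

  // Constructed pattern (assumption): request paths that fetch a log4j-core jar.
  private static final Pattern LOG4J_REQUEST = Pattern.compile("log4j-core-[^/\\s\"]+\\.jar");

  /** Counts matching request lines; an unreadable file is reported, never silently skipped. */
  public long scan(List<Path> requestLogs) {
    long hits = 0;
    int failed = 0;
    for (Path file : requestLogs) {
      // Strict UTF-8 decoding: malformed bytes raise an IOException subclass mid-file.
      try (BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
        String line;
        while ((line = reader.readLine()) != null) {
          if (LOG4J_REQUEST.matcher(line).find()) {
            hits++;
          }
        }
      } catch (IOException e) {
        failed++;
        if (log.isTraceEnabled()) {
          // TRACE: trailing Throwable argument makes SLF4J emit the full stack trace.
          log.trace("Unable to scan request log {}", file, e);
        } else {
          // DEBUG: exception class and message only (toString() is null-safe).
          log.debug("Unable to scan request log {}: {}", file, e.toString());
        }
      }
    }
    if (failed > 0) {
      // Tell the operator the hit count may be an undercount.
      log.debug("{} of {} request logs could not be read; results are incomplete",
          failed, requestLogs.size());
    }
    return hits;
  }
}
```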


            People

            Assignee:
            vgrab Vladimir Grab
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Nicholas Blair Nicholas Blair
            Team:
            NXRM - Mad Max
            Votes:
            0
            Watchers:
            4
