Le lun. 13 déc. 2021 à 14:11, Thomas Meyer <tho...@m3y3r.de> a écrit :
> Hi,
>
> Interesting. I know a bit off topic..
>
> Does it make a difference for the vulnerability if I log with:
>
> a) log.warn("log msg param {}", userControlledParam);
>
> Or
>
> b) log.warn(log msg param " + userControlledParam);
>
>
No.
> Mfg
> Thomas
>
>
-----------------
Daniel Savard
