[logback-user] SMTPAppender with Amazon SES
Jason Bennett
jasonab at acm.org
Tue May 14 02:46:18 CEST 2013
> It's most likely coming from a stack trace generated by your application.
> The JavaMail API is vulnerable to header injection via the Subject header,
> and you're probably seeing that phenomenon (though by accident).
>
> For my own application, I wrote a subclass of SMTPAppender that truncates
> the Subject header at the first EOL character, which prevents this issue
> from occurring.
>
>
Thanks, I figured it was something like this, but I didn't realize the
problem with the subject line. Would this be appropriate to file as a JIRA
issue?
jason
--
Jason Bennett, jasonab at acm.org
E pur si muove!
Get Firefox! - http://getfirefox.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qos.ch/pipermail/logback-user/attachments/20130513/d8ae2c8e/attachment.html>
More information about the Logback-user
mailing list