log4j.appender.TTY=org.apache.log4j.ConsoleAppender\r
log4j.appender.TTY.Threshold=DEBUG\r
log4j.appender.TTY.layout=org.apache.log4j.PatternLayout\r
-log4j.appender.TTY.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5p [%-28c{2}] - %m%n\r
+log4j.appender.TTY.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5p [%-28c{2}] - %m{nolookups}%n\r
+\r
+#NOTE: vulnerability with bare percent m style: https://news.ycombinator.com/item?id=29507263\r
\r
# LOGFILE is set to be a RollingFileAppender using a PatternLayout.\r
log4j.appender.LOGFILE=org.apache.log4j.RollingFileAppender\r
log4j.appender.LOGFILE.MaxBackupIndex=10\r
log4j.appender.LOGFILE.Threshold=DEBUG\r
log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout\r
-log4j.appender.LOGFILE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5p [%-28c{2}] - %m%n\r
+log4j.appender.LOGFILE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5p [%-28c{2}] - %m{nolookups}%n\r
\r