Description: CVE-2025-54812 - part 3 - improper escape of thread name in htmllayoutappender
Origin: https://github.com/apache/logging-log4cxx/pull/513
Bug: https://logging.apache.org/security.html#CVE-2025-54812
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111879
From ffc2ab7138577bca0e4f0b0d48cacd386cce09cd Mon Sep 17 00:00:00 2001
From: Stephen Webb <swebb2066@gmail.com>
Date: Mon, 21 Jul 2025 15:43:01 +1000
Subject: [PATCH] Allow a HTMLLayout title to contain characters special to
HTML
---
src/main/cpp/htmllayout.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/cpp/htmllayout.cpp b/src/main/cpp/htmllayout.cpp
index ed6e61d76..cce9c1dc2 100644
--- a/src/main/cpp/htmllayout.cpp
+++ b/src/main/cpp/htmllayout.cpp
@@ -183,7 +183,7 @@ void HTMLLayout::appendHeader(LogString& output, Pool& p)
output.append(LOG4CXX_STR("<head>"));
output.append(LOG4CXX_EOL);
output.append(LOG4CXX_STR("<title>"));
- output.append(m_priv->title);
+ Transform::appendEscapingTags(output, m_priv->title);
output.append(LOG4CXX_STR("</title>"));
output.append(LOG4CXX_EOL);
output.append(LOG4CXX_STR("<style type=\"text/css\">"));
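Review bot: The escaped title write `Transform::appendEscapingTags(output, m_priv->title);` comes with no regression test, since the diffstat shows only htmllayout.cpp changed. A test that sets a title containing `<`, `>` and `&` and asserts the header holds the escaped form would keep a later refactor from restoring the raw append. A one-line comment above the call would record the intent, e.g. `// title is plain text from configuration; escape it so it cannot close <title> early`. Titles that operators had already entity-encoded by hand (for example `&amp;`) will presumably now render double-escaped, which deserves a line in the release notes. The body of appendHeader starts before this hunk and continues past it, so the remaining header output is not covered by this review.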