As an API using Repose, I would like to configure the permissions that log files get created with to ensure only the appropriate users can view the potentially sensitive information in them.
One thing we could do is upgrade our Log4j dependency to 2.9.0 as they introduced this ability in that version. See this story: https://issues.apache.org/jira/browse/LOG4J2-1699
We're currently on version 2.3.
- Log file permissions can be set by Repose operator