- Bug
- Resolution: Unresolved
- P3
- 8.0.0, 7.1.2, 8.2.0
Fortify Static Code Analyser has reported the following issues in LoggingToolkit.java:
1. Log Forging
The method initializeLogging() in LoggingToolkit.java writes unvalidated user input to the log on line 110. An attacker could take advantage of this behavior to forge log entries or inject malicious content into the log.
2. Shared Sink
Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 163, which allows them to access or modify otherwise protected files.
3. Path Manipulation
Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 106, which allows them to access or modify otherwise protected files.