Jira Source code uses methods to write the logs to the Console of the IDE instead of any file handler

While analyzing the Source code of JIRA 8.4.3, our Security Assessment team has found some coding standards used are not as per the Best practices suggested globally to avoid any kind of attacks or to leak any sensitive information.

It is really a concern if any application is using the Console handler to write all the log errors during the runtime. Best Practice would be to use any file handler or other logging mechanism to handle the log errors instead of console.

Below are some of the Java files where it has been highlighted:

atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\avatar\AvatarServiceImpl.java 92, 111, 118,370, 420
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\cache\soy\SoyCacheWarmer.java 123, 126
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\charts\PieChart.java 80, 95, 97,109, 115
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\concurrent\BarrierImpl.java 44, 50, 55, 61, 67
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\help\CachingHelpUrls.java 106, 112, 118, 124
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\help\StaticHelpUrls.java 48
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\i18n\BackingI18n.java 239
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\i18n\CachingI18nFactory.java 143
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\index\ha\IndexUtils.java 126, 229, 246
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\index\DefaultIndexEngine.java 271, 328
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\index\IssueIndexHelper.java 112, 119
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\logging\JiraHomeAppender.java 275
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\mail\MailingListCompiler.java 169, 173, 391, 394, 397, 400, 404
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\ofbiz\IssueGenericValue.java 35, 45, 56
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\plugin\JiraCacheResetter.java 82, 85, 107
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\plugin\JiraPluginManager.java 182, 196, 211, 267
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\project\ProjectCache.java 86, 96
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\security\type\UserCF.java 136
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\service\ServiceRunner.java 59, 64
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\startup\DatabaseLauncher.java 132, 133
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\startup\ThreadDumper.java
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\task\TaskManagerImpl.java 162, 350
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\timezone\TimeZoneIds.java 69
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\upgrade\ConnectionKeeper.java 143
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\upgrade\DropIndexHelper.java 103
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\user\util\UserUtilImpl.java 236, 351
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\util\log\JiraLogLocator.java 109
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\util\ExceptionUtil.java 42, 60
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\util\JiraVelocityHelper.java 223
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\web\tags\StripHtmlMarkup.java 44
atlassian-jira-software-8.4.3-source\jira-project\jira-components\jira-core\src\main\java\com\atlassian\jira\web\tags\Text2Html.java 44