rgoers commented on PR #6: URL: https://github.com/apache/logging-site/pull/6#issuecomment-2723881567
First, I think you should link to https://musigma.blog/2023/11/10/log4shell-history.html. While Matt's page says Log4Shell was fixed in 2.16.0, my recollection was that 2.17.0 was the only release I would recommend. I believe that was the release where Carter finally resolved the problems with recursive lookups.

FWIW - 44228 was NOT just about JNDI. It was the combination of the JNDI bug with the recursive lookup on message data that caused Log4Shell. While both were bad, either on their own would not have been anywhere near as serious.