vy commented on code in PR #6: URL: https://github.com/apache/logging-site/pull/6#discussion_r2007044573
########## _vulnerabilities.adoc: ########## @@ -106,8 +107,8 @@ Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein |Summary |Thread Context Lookup is vulnerable to remote code execution in certain configurations |CVSS 3.x Score & Vector |9.0 CRITICAL (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) |Components affected |`log4j-core` -|Versions affected |`[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0, 2.17.0)` -|Versions fixed |`2.3.1` (for Java 6), `2.12.3` (for Java 7), and `2.17.0` (for Java 8 and later) +|Versions affected |`[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0, 2.16.0)` Review Comment: In conclusion, - @ppkarwasz, @jvz, and @raboof are +1 - @rgoers and I are -1 Let's stick to the information reflected in the CVEs and move on. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
