LGTM!
On 17.12.2021 at 11:43, Mark Thomas wrote:
Unless there are objections, I'm planning on sending a follow-up to the
original email to state (in summary)
- more CVEs have been identified
- given the amount of attention focussed on this there may be further
CVEs
- previous advice regarding the impact for Tomcat is essentially
unchanged
- f
I guess people here are aware of it, but for the sake of even more
completeness: the official security document for log4j2 has been amended:
- currently only version 2.16.0 and, if one absolutely needs to run on
Java 7, version 2.12.2 really fix the problems. The originally suggested
version 2
Mark,
Adding that the below message also applies for both CVE-2021-45046 and
CVE-2021-4104 as well as the originally-mentioned 2021-44228, for
completeness.
-chris
On 12/14/21 04:51, Mark Thomas wrote:
The following represents the current understanding of the Apache Tomcat
security team at the time this announcement was issued. There is a lot
of security research being focussed on log4j2 at the moment and it is
probable that additional information will emerge.
Currently supported Tomcat vers