[GitHub] [logging-log4j2] suesunss commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
suesunss commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990711764 I saw 2.15.0 was uploaded to the maven central: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/ Could anyone point out if thi

[GitHub] [logging-log4j2] sunnypav edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
sunnypav edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990683057 I guess the RCE can be exploited by using a message which has a JNDI lookup which, is not possible in log4j 1.x as it doesn't support lookups. And JMS Appender can

[GitHub] [logging-log4j2] sunnypav commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
sunnypav commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990683057 I guess the RCE can be exploited by using a message which has a JNDI lookup which, is not possible in log4j 1.x as it doesn't support lookups. And JMS Appender can be adde

[jira] [Created] (LOG4J2-3204) SpringLookup not found while Interpolator initializing

2021-12-09 Thread francis (Jira)
francis created LOG4J2-3204: --- Summary: SpringLookup not found while Interpolator initializing Key: LOG4J2-3204 URL: https://issues.apache.org/jira/browse/LOG4J2-3204 Project: Log4j 2 Issue Type: Bu

[GitHub] [logging-log4j2] Baoqi commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Baoqi commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990674220 @remkop , thanks for your reply. Just want to make it more clear, because many people reach this issue mainly for the "JNDI lookup" CVE, so, for log4j 1.x, although it conta

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990661374 > @remkop Which description is correct ? @linux-ops You are asking me? Well, in my totally objective, completely unbiased opinion, there is no doubt that my comment is

[jira] [Commented] (LOG4J2-3201) Limit the protocols jNDI can use and restrict LDAP.

2021-12-09 Thread Jeremy Li (Jira)
[ https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456907#comment-17456907 ] Jeremy Li commented on LOG4J2-3201: --- Will there be incremental update packages for his

[jira] [Work logged] (LOG4NET-680) .NET 6 threadpool thread name is not helpful in %thread/%t field

2021-12-09 Thread ASF GitHub Bot (Jira)
[ https://issues.apache.org/jira/browse/LOG4NET-680?focusedWorklogId=693733&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-693733 ] ASF GitHub Bot logged work on LOG4NET-680: -- Author: ASF GitHub Bot

[GitHub] [logging-log4net] fluffynuts commented on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
fluffynuts commented on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990650366 @zhiweiv I was spinning up a release not too long ago - there are some other small fixes that I'd like to get out. I just got a little swamped with other stuff in the mea

[GitHub] [logging-log4j2] zuoshangs commented on pull request #537: Lambda improvements:

2021-12-09 Thread GitBox
zuoshangs commented on pull request #537: URL: https://github.com/apache/logging-log4j2/pull/537#issuecomment-990647528 Lambda is not necessary -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to th

[GitHub] [logging-log4j2] zuoshangs commented on pull request #613: Spelling

2021-12-09 Thread GitBox
zuoshangs commented on pull request #613: URL: https://github.com/apache/logging-log4j2/pull/613#issuecomment-990646688 emm -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

[GitHub] [logging-log4j2] jsoref opened a new pull request #613: Spelling

2021-12-09 Thread GitBox
jsoref opened a new pull request #613: URL: https://github.com/apache/logging-log4j2/pull/613 https://issues.apache.org/jira/browse/LOG4J2-3203 This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling). The m

[jira] [Created] (LOG4J2-3203) Spelling

2021-12-09 Thread Josh Soref (Jira)
Josh Soref created LOG4J2-3203: -- Summary: Spelling Key: LOG4J2-3203 URL: https://issues.apache.org/jira/browse/LOG4J2-3203 Project: Log4j 2 Issue Type: Improvement Reporter: Josh Sor

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] linux-ops commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference to JNDI

[jira] [Created] (LOG4NET-682) Log4Net - Memory Leak - Post Upgrade to version 2.0.12.0

2021-12-09 Thread Rajasekar P (Jira)
Rajasekar P created LOG4NET-682: --- Summary: Log4Net - Memory Leak - Post Upgrade to version 2.0.12.0 Key: LOG4NET-682 URL: https://issues.apache.org/jira/browse/LOG4NET-682 Project: Log4net Issu

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as the fi

[GitHub] [logging-log4j2] remkop commented on a change in pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on a change in pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#discussion_r766293495 ## File path: src/site/xdoc/manual/appenders.xml ## @@ -1555,6 +1555,33 @@ public class ConnectionFactory { Default Desc

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990539235 > Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the cause?

[GitHub] [logging-log4j2] MyUsernamee removed a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee removed a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the ca

[jira] [Work logged] (LOG4NET-680) .NET 6 threadpool thread name is not helpful in %thread/%t field

2021-12-09 Thread ASF GitHub Bot (Jira)
[ https://issues.apache.org/jira/browse/LOG4NET-680?focusedWorklogId=693677&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-693677 ] ASF GitHub Bot logged work on LOG4NET-680: -- Author: ASF GitHub Bot

[GitHub] [logging-log4net] zhiweiv edited a comment on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
zhiweiv edited a comment on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990534030 Any chance to merge this and release a new version asap? It is a big problem for .net 6.0. @fluffynuts -- This is an automated message from the Apache Git Servic

[jira] [Comment Edited] (LOGCXX-537) double mutex lock

2021-12-09 Thread Truman Lackey (Jira)
[ https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456855#comment-17456855 ] Truman Lackey edited comment on LOGCXX-537 at 12/10/21, 2:13 AM: --

[jira] [Comment Edited] (LOGCXX-537) double mutex lock

2021-12-09 Thread Truman Lackey (Jira)
[ https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456855#comment-17456855 ] Truman Lackey edited comment on LOGCXX-537 at 12/10/21, 2:12 AM: --

[GitHub] [logging-log4j2] MyUsernamee edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the cau

[jira] [Comment Edited] (LOGCXX-537) double mutex lock

2021-12-09 Thread Truman Lackey (Jira)
[ https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456855#comment-17456855 ] Truman Lackey edited comment on LOGCXX-537 at 12/10/21, 2:11 AM: --

[GitHub] [logging-log4j2] MyUsernamee commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability from what I understand. From what I can tell it is somehow related to this. Does anyone know if this the

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536602 I provide a patch library to solve this vulnerability (disable JNDI lookup): [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) It provides an empty `JndiLookup`

[GitHub] [logging-log4j2] MyUsernamee edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in minecraft from what I understand. From what I can tell it is somehow related to this. Does anyo

[jira] [Commented] (LOGCXX-537) double mutex lock

2021-12-09 Thread Truman Lackey (Jira)
[ https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456855#comment-17456855 ] Truman Lackey commented on LOGCXX-537: -- I will need to generate test code and config

[jira] [Work logged] (LOG4NET-680) .NET 6 threadpool thread name is not helpful in %thread/%t field

2021-12-09 Thread ASF GitHub Bot (Jira)
[ https://issues.apache.org/jira/browse/LOG4NET-680?focusedWorklogId=693674&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-693674 ] ASF GitHub Bot logged work on LOG4NET-680: -- Author: ASF GitHub Bot

[GitHub] [logging-log4net] zhiweiv commented on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
zhiweiv commented on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990534030 Any chance to merge this and release a new version asap? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and

[GitHub] [logging-log4j2] JLLeitschuh commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
JLLeitschuh commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990527697 Is this fix insufficient in the context of an SSRF vulnerability? IE. can an attacker still make malicious requests that abuse this from localhost if another local serv

[jira] [Created] (LOGCXX-537) double mutex lock

2021-12-09 Thread Truman Lackey (Jira)
Truman Lackey created LOGCXX-537: Summary: double mutex lock Key: LOGCXX-537 URL: https://issues.apache.org/jira/browse/LOGCXX-537 Project: Log4cxx Issue Type: Bug Components: Appen

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~~I also could not find any other reference to JNDI

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990504842 As documented here: https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/JMSAppender.html Gary On Thu, Dec 9, 2021, 20:30 Gary Gregory ***

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990499954 We need to look at the log4j 1 JMS Appender which I thought had at least programmatic support for JNDI. Gary On Thu, Dec 9, 2021, 20:26 Remko Popma ***@

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. I also could not find any other reference to JNDI in

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. I also could not find any other reference to JNDI in the [l

[GitHub] [logging-log4j2] yuezk commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
yuezk commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990484694 Hi @rgoers, is log4j 1.x vulnerable? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to

[GitHub] [logging-log4j2] moonming commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
moonming commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990484436 @remkop thanks for your great work 👍 I come from the [Apache APISIX](https://github.com/apache/apisix) community, and we can intercept this security vulnerability at the

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990474429 Update: the vote for log4j-2.15.0 passed and the release is in progress. I can see the log4j web site reflecting the [log4j 2.15.0 release](https://logging.apac

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990474429 Update: the vote for log4j-2.15.0 passed and the release is in progress. I can see the log4j web site reflecting the [log4j 2.15.0 release](https://logging.apache.org/

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. And the `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://g

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. And the `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://g

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. The `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://githu

[GitHub] [logging-log4j2] zhangyoufu commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. The `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to LOG4J2-703, I think it's quite saf

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990264908 > > > > > Is it a security vulnerability? > > > > > > > > > > > > I think it is. > > > > It is very surprising that this critical security issue does not seem t

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990217634 Also, if this matters to you so much, why not show it with a donation to the Apache Software Foundation https://www.apache.org/foundation/contributing.html or this pro

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990213446 Your patience will soon be rewarded... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL

[jira] [Commented] (LOG4J2-3201) Limit the protocols jNDI can use and restrict LDAP.

2021-12-09 Thread Sean Busbey (Jira)
[ https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456699#comment-17456699 ] Sean Busbey commented on LOG4J2-3201: - the 2.15.0 release vote is ongoing. please se

[jira] [Resolved] (LOG4J2-3202) Only allow lookups in message, not in parameters.

2021-12-09 Thread Carter Kozak (Jira)
[ https://issues.apache.org/jira/browse/LOG4J2-3202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carter Kozak resolved LOG4J2-3202. -- Fix Version/s: 2.15.0 Resolution: Duplicate This is resolved in the pending 2.15.0 rele

[jira] [Created] (LOG4J2-3202) Only allow lookups in message, not in parameters.

2021-12-09 Thread InkerBot (Jira)
InkerBot created LOG4J2-3202: Summary: Only allow lookups in message, not in parameters. Key: LOG4J2-3202 URL: https://issues.apache.org/jira/browse/LOG4J2-3202 Project: Log4j 2 Issue Type: Impro

[GitHub] [logging-log4j2] GalvinGao edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
GalvinGao edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990106334 > > > > Is it a security vulnerability? > > > > > > > > > I think it is. > > > It is very surprising that this critical security issue does not seem t

[GitHub] [logging-log4j2] GalvinGao commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
GalvinGao commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990106334 > > > > Is it a security vulnerability? > > > > > > > > > I think it is. > > > It is very surprising that this critical security issue does not seem to have

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have receive

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have receive

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have received due a

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990070794 > > Is it a security vulnerability? > > I think it is. > > It is very surprising that this critical security issue does not seem to have received due atte

[jira] [Created] (LOG4NET-681) RollingFileAppender thread safety issue

2021-12-09 Thread Tom Judge (Jira)
Tom Judge created LOG4NET-681: - Summary: RollingFileAppender thread safety issue Key: LOG4NET-681 URL: https://issues.apache.org/jira/browse/LOG4NET-681 Project: Log4net Issue Type: Bug

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990065982 > Is it a security vulnerability? I think it is. It is very surprising that this critical security issue does not seem to have received due attention. It was rep

[CI][SUCCESS] Logging/log4j/release-2.x#411 back to normal

2021-12-09 Thread Mr. Jenkins
BUILD SUCCESS Build URL https://ci-builds.apache.org/job/Logging/job/log4j/job/release-2.x/411/ Project: release-2.x Date of build: Thu, 09 Dec 2021 16:00:50 + Build duration: 1 hr 4 min and counting JUnit Tests Name: (root) Failed: 0 test(s), Pa

[GitHub] [logging-log4j2] vy commented on pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
vy commented on pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612#issuecomment-989987143 Thanks! Merged into both `master` and `release-2.x`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the

[GitHub] [logging-log4j2] vy closed pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
vy closed pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-

[GitHub] [logging-log4j2] qxo opened a new pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
qxo opened a new pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612 ![](https://raw.githubusercontent.com/qxo/public/446c19b37fe6ea1c6dafe8b4d998dd3ed92941d3/log4j2-SetUtils.prefixSet-NPE.png) -- This is an automated message from the Apache Git Service. To respond

[GitHub] [logging-log4j2] wcc526 edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
wcc526 edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-989762094 Is it a security vulnerability? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above

[GitHub] [logging-log4j2] wcc526 commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
wcc526 commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-989762094 Is it a security vulneribity? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to

[CI][UNSTABLE] Logging/log4j/release-2.x#410 has test failures

2021-12-09 Thread Mr. Jenkins
BUILD UNSTABLE Build URL https://ci-builds.apache.org/job/Logging/job/log4j/job/release-2.x/410/ Project: release-2.x Date of build: Thu, 09 Dec 2021 08:13:13 + Build duration: 1 hr 38 min and counting JUnit Tests Name: (root) Failed: 0 test(s),