srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-998546015
@carterkozak An issue like 3230 would have been much less serious if the
substitutor weren't capable of infinite recursion. This is an attempt at harm
reduction in case an iss
[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralph Goers resolved LOG4J2-3242.
-
Resolution: Fixed
Fix has been applied
> Limit JNDI to the java protocol only
> ---
[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralph Goers updated LOG4J2-3242:
Fix Version/s: 2.12.3
2.3.1
2.17.0
(wa
[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ralph Goers closed LOG4J2-3242.
---
> Limit JNDI to the java protocol only
>
>
> Key: L
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463019#comment-17463019
]
Ralph Goers commented on LOG4J2-3230:
-
We have 3 CVEs because there were several dis
[
https://issues.apache.org/jira/browse/LOG4J2-3265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463015#comment-17463015
]
Gobi commented on LOG4J2-3265:
--
Thank you very much Ralph for your immediate response
> CV
[
https://issues.apache.org/jira/browse/LOG4J2-3265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463008#comment-17463008
]
Ralph Goers commented on LOG4J2-3265:
-
Log4j 2.13.3 for Java 7 and Log4j 2.3.1 for J
[
https://issues.apache.org/jira/browse/LOG4J2-3265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463008#comment-17463008
]
Ralph Goers edited comment on LOG4J2-3265 at 12/21/21, 6:09 AM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463001#comment-17463001
]
Ralph Goers edited comment on LOG4J2-3258 at 12/21/21, 6:03 AM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463006#comment-17463006
]
Ralph Goers commented on LOG4J2-3258:
-
I should also add that we discussed adding an
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17463001#comment-17463001
]
Ralph Goers commented on LOG4J2-3258:
-
[~BigMichi1] May I ask why you need to use
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462999#comment-17462999
]
Ralph Goers edited comment on LOG4J2-3258 at 12/21/21, 5:50 AM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462999#comment-17462999
]
Ralph Goers commented on LOG4J2-3258:
-
Looking at this
{code:java}
$${env:LOG
Gobi created LOG4J2-3265:
Summary: CVE-2021-45105 fix for Java 7
Key: LOG4J2-3265
URL: https://issues.apache.org/jira/browse/LOG4J2-3265
Project: Log4j 2
Issue Type: Bug
Reporter: Gobi
[
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker updated LOG4J2-3218:
Description: Kotlin API currently depends on log4j2 API version 2.13.2
which, assuming users are u
[
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker reassigned LOG4J2-3218:
---
Assignee: Matt Sicker
> Upgrade log4j2 dependency version in the kotlin logging API for
>
[
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker updated LOG4J2-3218:
Summary: Upgrade log4j2 dependency version in the kotlin logging API for
CVE-2021-44228, CVE-2021-
[
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker resolved LOG4J2-3218.
-
Fix Version/s: Kotlin 1.2.0
Resolution: Fixed
> Upgrade log4j2 dependency version in the
jvz merged pull request #7:
URL: https://github.com/apache/logging-log4j-scala/pull/7
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notification
jvz commented on pull request #5:
URL: https://github.com/apache/logging-log4j-scala/pull/5#issuecomment-998438723
Made some minor dependency updates recently. Go ahead and rebase or merge
from master.
--
This is an automated message from the Apache Git Service.
To respond to the message
jvz merged pull request #6:
URL: https://github.com/apache/logging-log4j-scala/pull/6
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notification
sullis commented on pull request #6:
URL: https://github.com/apache/logging-log4j-scala/pull/6#issuecomment-998426835
@jvz @garydgregory
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the spec
sullis closed pull request #4:
URL: https://github.com/apache/logging-log4j-scala/pull/4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificat
sullis commented on pull request #4:
URL: https://github.com/apache/logging-log4j-scala/pull/4#issuecomment-998426571
obsolete.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comme
[
https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Middleton resolved LOGCXX-537.
-
Resolution: Fixed
> double mutex lock
> -
>
> Key: LOGCXX
rm5248 merged pull request #82:
URL: https://github.com/apache/logging-log4cxx/pull/82
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificatio
carterkozak commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-998413709
I'm not sure I entirely understand what we're protecting against -- I'd
consider any recursion beyond what the configuration author expects to be an
incredibly serious
carterkozak commented on a change in pull request #646:
URL: https://github.com/apache/logging-log4j2/pull/646#discussion_r772782492
##
File path:
log4j-core/src/main/java/org/apache/logging/log4j/core/lookup/MapLookup.java
##
@@ -122,14 +122,14 @@ public String lookup(final L
carterkozak commented on a change in pull request #646:
URL: https://github.com/apache/logging-log4j2/pull/646#discussion_r772782217
##
File path:
log4j-core/src/main/java/org/apache/logging/log4j/core/lookup/MapLookup.java
##
@@ -122,14 +122,14 @@ public String lookup(final L
quaff commented on a change in pull request #646:
URL: https://github.com/apache/logging-log4j2/pull/646#discussion_r772771184
##
File path:
log4j-core/src/test/java/org/apache/logging/log4j/core/lookup/MapLookupTest.java
##
@@ -107,7 +107,7 @@ public void testLookupDefaultMap
garydgregory commented on a change in pull request #646:
URL: https://github.com/apache/logging-log4j2/pull/646#discussion_r772766541
##
File path:
log4j-core/src/test/java/org/apache/logging/log4j/core/lookup/MapLookupTest.java
##
@@ -107,7 +107,7 @@ public void testLookupDef
[
https://issues.apache.org/jira/browse/LOG4J2-3264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462911#comment-17462911
]
Yanming Zhou commented on LOG4J2-3264:
--
PR [https://github.com/apache/logging-log4j
Yanming Zhou created LOG4J2-3264:
Summary: MapLookup should lookup MapMessage before properties
Key: LOG4J2-3264
URL: https://issues.apache.org/jira/browse/LOG4J2-3264
Project: Log4j 2
Issue
[
https://issues.apache.org/jira/browse/LOGCXX-544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462890#comment-17462890
]
Robert Middleton commented on LOGCXX-544:
-
A quick look at the diff makes sense t
[
https://issues.apache.org/jira/browse/LOG4J2-3192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462881#comment-17462881
]
Volkan Yazici commented on LOG4J2-3192:
---
[~sz7], mind submitting a PR against {{re
vy closed pull request #631:
URL: https://github.com/apache/logging-log4j2/pull/631
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-
vy commented on pull request #631:
URL: https://github.com/apache/logging-log4j2/pull/631#issuecomment-998327523
@zhuyou1234, thanks for your contribution. I think allowing empty names were
already a bug in the first place. Hence, I am inclined to keep the code in its
current state (that i
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462850#comment-17462850
]
William Tulaba edited comment on LOG4J2-3230 at 12/20/21, 10:17 PM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462850#comment-17462850
]
William Tulaba commented on LOG4J2-3230:
[~pmalone] Thank you for asking the que
[
https://issues.apache.org/jira/browse/LOG4J2-3238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462847#comment-17462847
]
Volkan Yazici edited comment on LOG4J2-3238 at 12/20/21, 9:55 PM:
[
https://issues.apache.org/jira/browse/LOG4J2-3238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Volkan Yazici closed LOG4J2-3238.
-
Resolution: Not A Problem
> Log4j 1.2 bridge API doesn't write the messages to rsyslog in prope
[
https://issues.apache.org/jira/browse/LOG4J2-3238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462847#comment-17462847
]
Volkan Yazici commented on LOG4J2-3238:
---
This is a Log4j 1 problem and that projec
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462831#comment-17462831
]
Carter Kozak edited comment on LOG4J2-3230 at 12/20/21, 9:16 PM:
-
[ https://issues.apache.org/jira/browse/LOG4J2-3230 ]
Peter Malone deleted comment on LOG4J2-3230:
--
was (Author: JIRAUSER282309):
I briefly tested versions 2.3, 2.4, 2.5, 2.6 and 2.7, and they do not appear
vulnerable to this infinite loop iss
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462840#comment-17462840
]
Peter Malone commented on LOG4J2-3230:
--
I briefly tested versions 2.3, 2.4, 2.5, 2.
[
https://issues.apache.org/jira/browse/LOG4J2-3236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462837#comment-17462837
]
Volkan Yazici commented on LOG4J2-3236:
---
Hey [~ChrisHegarty]! Thanks so much for t
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462831#comment-17462831
]
Carter Kozak commented on LOG4J2-3230:
--
There is no way to flip substitutionInVaria
[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462828#comment-17462828
]
ASF subversion and git services commented on LOG4J2-3242:
-
Commi
rgoers merged pull request #645:
URL: https://github.com/apache/logging-log4j2/pull/645
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificati
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462827#comment-17462827
]
Jon Bristow commented on LOG4J2-3230:
-
[~marioja] : it looks like the chief differen
[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462818#comment-17462818
]
ASF subversion and git services commented on LOG4J2-3242:
-
Commi
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462814#comment-17462814
]
Mario Jauvin commented on LOG4J2-3230:
--
I read the complete ticket and I would kind
[
https://issues.apache.org/jira/browse/LOG4J2-3263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Cédric Champeau updated LOG4J2-3263:
Description:
The docs mention the use of the `compile` configuration, which has been
depr
Cédric Champeau created LOG4J2-3263:
---
Summary: Incorrect documentation about Gradle
Key: LOG4J2-3263
URL: https://issues.apache.org/jira/browse/LOG4J2-3263
Project: Log4j 2
Issue Type: Docu
garydgregory opened a new pull request #645:
URL: https://github.com/apache/logging-log4j2/pull/645
[LOG4J2-3242] Limit JNDI to the java protocol only. JNDI will remain
disabled by default. The enablement property has been renamed to
'log4j2.enableJndiJava'.
--
This is an automated me
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462794#comment-17462794
]
Wojtek commented on LOG4J2-3230:
[~jbristow] I consider your example to be important bec
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462770#comment-17462770
]
Peter Malone commented on LOG4J2-3230:
--
[~jbristow] I'm not using your sample and I
[
https://issues.apache.org/jira/browse/LOG4J2-3257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike closed LOG4J2-3257.
Resolution: Invalid
> MDC class in 2.17.0 has multiple "put" methods
> ---
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462721#comment-17462721
]
Gary D. Gregory commented on LOG4J2-3230:
-
[~pmalone]
I understand your positi
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462717#comment-17462717
]
Jon Bristow commented on LOG4J2-3230:
-
This is a different bug to the JNDI one. It i
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462707#comment-17462707
]
Peter Malone commented on LOG4J2-3230:
--
[~ggregory] Understood, however there are o
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462701#comment-17462701
]
Gary D. Gregory commented on LOG4J2-3258:
-
Ouch, if we broke user's configuratio
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462699#comment-17462699
]
Gary D. Gregory commented on LOG4J2-3230:
-
[~pmalone]
Just update to 2.17.0 wh
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462697#comment-17462697
]
Carter Kozak commented on LOG4J2-3258:
--
This is an intentional change to protect ag
[
https://issues.apache.org/jira/browse/LOGCXX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462692#comment-17462692
]
Truman Lackey commented on LOGCXX-537:
--
I have tested this and it is working for me.
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462682#comment-17462682
]
Peter Malone edited comment on LOG4J2-3230 at 12/20/21, 3:51 PM:
-
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462682#comment-17462682
]
Peter Malone commented on LOG4J2-3230:
--
I'm trying to determine why removing *JndiL
[
https://issues.apache.org/jira/browse/LOG4J2-3260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Arya updated LOG4J2-3260:
--
Description:
The branch protection setting is missing on
[https://github.com/apache/logging-l
[
https://issues.apache.org/jira/browse/LOG4J2-3198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462673#comment-17462673
]
ASF subversion and git services commented on LOG4J2-3198:
-
Commi
[
https://issues.apache.org/jira/browse/LOG4J2-3258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462664#comment-17462664
]
Michael Cramer commented on LOG4J2-3258:
we have the same problem that since 2.1
SIVAKUMAR SIVAPRAHASAM created LOG4J2-3262:
--
Summary: Log4j 2.x mitigations for CVE-45046 is insufficient
Key: LOG4J2-3262
URL: https://issues.apache.org/jira/browse/LOG4J2-3262
Project: Log4j
[
https://issues.apache.org/jira/browse/LOG4J2-3257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462616#comment-17462616
]
Mike commented on LOG4J2-3257:
--
So I know that exception is typically when Java can't resol
garydgregory commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997897168
> > @quaff I don't think that fixes the same thing? This fix is trying to
limit recursion depth in all cases, the fix you are linking disables recursion
in some cases.
[
https://issues.apache.org/jira/browse/LOG4J2-3105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462593#comment-17462593
]
Esteve Blanch commented on LOG4J2-3105:
---
I have the same problem.
What I found is
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462592#comment-17462592
]
Wojtek commented on LOG4J2-3230:
[~rpopma] I only copied code from original issue [^samp
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462583#comment-17462583
]
Remko Popma commented on LOG4J2-3230:
-
[~Aixn] if this string gets printed to the lo
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462567#comment-17462567
]
Wojtek commented on LOG4J2-3230:
I'm afraid that official mitigiation (described in
[ht
remkop commented on a change in pull request #607:
URL: https://github.com/apache/logging-log4j2/pull/607#discussion_r772281862
##
File path: src/site/xdoc/manual/layouts.xml.vm
##
@@ -1455,9 +1455,9 @@ WARN [main]: Message 2
-
remkop closed pull request #638:
URL: https://github.com/apache/logging-log4j2/pull/638
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificati
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462548#comment-17462548
]
Bernd Eckenfels commented on LOG4J2-3230:
-
The lookup of log messages and parame
[
https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462544#comment-17462544
]
Tim Stibbs commented on LOG4J2-3230:
It looks like this issue has been assigned CVE-
[
https://issues.apache.org/jira/browse/LOG4J2-3254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462509#comment-17462509
]
Remko Popma edited comment on LOG4J2-3254 at 12/20/21, 10:37 AM:
-
[
https://issues.apache.org/jira/browse/LOG4J2-3254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462509#comment-17462509
]
Remko Popma commented on LOG4J2-3254:
-
[~4535992] Log4j version 2.12.2 requires Java
[
https://issues.apache.org/jira/browse/LOG4J2-3254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462478#comment-17462478
]
Marco Tenti edited comment on LOG4J2-3254 at 12/20/21, 9:42 AM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462478#comment-17462478
]
Marco Tenti edited comment on LOG4J2-3254 at 12/20/21, 9:27 AM:
--
[
https://issues.apache.org/jira/browse/LOG4J2-3254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462478#comment-17462478
]
Marco Tenti commented on LOG4J2-3254:
-
Hello version 2.17 seems to have the same pro
Remko Popma created LOG4J2-3261:
---
Summary: Improve Configuration manual page
Key: LOG4J2-3261
URL: https://issues.apache.org/jira/browse/LOG4J2-3261
Project: Log4j 2
Issue Type: Documentation
quaff commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997717857
> You are right that 3230 fixes the vulnerability, I'm not opening this PR
to fix a known problem. I'm coming at this from the point of view that if there
is no reason to all
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997693611
You are right that 3230 fixes the vulnerability, I'm not opening this PR to
fix a known problem. I'm coming at this from the point of view that if there is
no reason to allow
quaff commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997687041
> @quaff I don't think that fixes the same thing? This fix is trying to
limit recursion depth in all cases, the fix you are linking disables recursion
in some cases.
L
90 matches
Mail list logo
