[GitHub] [logging-log4j2] felixbarny commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
felixbarny commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993409519 Looks like the log4j team has already backported the recent fixes to the [2.12](https://github.com/apache/logging-log4j2/tree/log4j-2.12) branch and have released [2.12

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993409892 > > > @remkop Hi! Thanks for your work and the community correspondence. > > > Do you have any plans to backport the correspondence to this vulnerability to older versions

[GitHub] [logging-log4j2] kmindi edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
kmindi edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993399258 Following up on my question if this fixes usage with other property substitutions like ctx: https://github.com/apache/logging-log4j2/pull/608#issuecomment-992427010

[GitHub] [logging-log4j2] vy commented on pull request #627: 2.12.1.sec1:Vulnerability fixed - based on 2.12.1 and supported Java7

2021-12-14 Thread GitBox
vy commented on pull request #627: URL: https://github.com/apache/logging-log4j2/pull/627#issuecomment-993424437 Hello @quericy! We also spent an entire day and night getting 2.12.2 out. That is a sweet coincidence. :sweat: The release is getting voted right now, should be out soon.

[GitHub] [logging-log4j2] vy closed pull request #627: 2.12.1.sec1:Vulnerability fixed - based on 2.12.1 and supported Java7

2021-12-14 Thread GitBox
vy closed pull request #627: URL: https://github.com/apache/logging-log4j2/pull/627 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-

[GitHub] [logging-log4j2] vlsi commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
vlsi commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993430513 I see a lot of comments that "log4j 1.x has reached its end of life". However, is there a chance there will be log4j 1.2.18 that just removes the offending features (e.g. JMSA

[GitHub] [logging-log4j2] philipwhiuk commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
philipwhiuk commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993440874 > I see a lot of comments that "log4j 1.x has reached its end of life". However, is there a chance there will be log4j 1.2.18 that just removes the offending features (

[GitHub] [logging-log4j2] philipwhiuk edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
philipwhiuk edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993440874 > I see a lot of comments that "log4j 1.x has reached its end of life". However, is there a chance there will be log4j 1.2.18 that just removes the offending fea

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993449177 Good tips Philip! >It just does not sound right that the only log4j team answer is "migrate to 2.x or try removing class files from jars". How does "unp

[GitHub] [logging-log4j2] vlsi commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
vlsi commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993457975 > approach the Apache Software Foundation That is exactly what I am doing. > How does "unpaid volunteer" sound? ;-) @garydgregory , I am a committer and a P

[GitHub] [logging-log4j2] SpComb commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
SpComb commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993469509 > Following up on my question if this fixes usage with other property substitutions like ctx: [#608 (comment)](https://github.com/apache/logging-log4j2/pull/608#issuecomment

[GitHub] [logging-log4j2] SpComb edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
SpComb edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993469509 > Following up on my question if this fixes usage with other property substitutions like ctx: [#608 (comment)](https://github.com/apache/logging-log4j2/pull/608#issue

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993470755 @vlsi I suggest you engage the Logging PMC on the logging-dev mailing list with your proposal. However, prior to doing so, please check out the Log4j 1.x code and try to bui

[GitHub] [logging-log4j2] ahahu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
ahahu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-991354707 I'd also like to stress, that it is not sufficient to mitigate this vulnerability by using a JRE/JDK version which prevents the RCE, nor should you rely solely on your

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993487126 > @vlsi I suggest you engage the Logging PMC on the logging-dev mailing list with your proposal. However, prior to doing so, please check out the Log4j 1.x code and tr

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993495979 > > approach the Apache Software Foundation > > That is exactly what I am doing. > > > How does "unpaid volunteer" sound? ;-) > > @garydgregory , I

[GitHub] [logging-log4j2] SR-G commented on pull request #607: LOG4J2-3198: Log4j2 no longer formats lookups in messages by default

2021-12-14 Thread GitBox
SR-G commented on pull request #607: URL: https://github.com/apache/logging-log4j2/pull/607#issuecomment-993513692 Does anyone know when exactly inside the LOG4J2 stack this bug may be triggered ? Is it only at "rendering" level, or may it be before ? For the context, in my case : a

[GitHub] [logging-log4j2] SR-G edited a comment on pull request #607: LOG4J2-3198: Log4j2 no longer formats lookups in messages by default

2021-12-14 Thread GitBox
SR-G edited a comment on pull request #607: URL: https://github.com/apache/logging-log4j2/pull/607#issuecomment-993513692 Does anyone know "when" exactly inside the LOG4J2 stack this bug may be triggered ? Is it only at "rendering" level, or may it be before ? For the context, in my

[GitHub] [logging-log4j2] kmindi commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
kmindi commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993542299 thx @SpComb for confirming what I found. I'm not quite sure what that means or where we should continue the discussion about that, if it's a new attack vector etc.

[GitHub] [logging-log4j2] SpComb commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
SpComb commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993560912 > I'm not quite sure what that means or where we should continue the discussion about that, if it's a new attack vector etc. This should really have been reported priv

[GitHub] [logging-log4j2] kmindi edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
kmindi edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993542299 thx @SpComb for confirming what I found. I'm not quite sure what that means or where we should continue the discussion about that, if it's a new attack vector e

[GitHub] [logging-log4cxx] ams-tschoening commented on a change in pull request #83: Fix constructions of sed filter in corner cases

2021-12-14 Thread GitBox
ams-tschoening commented on a change in pull request #83: URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r768790290 ## File path: src/test/cpp/util/transformer.cpp ## @@ -116,14 +116,25 @@ void Transformer::createSedCommandFile(const std::string& regexName,

[GitHub] [logging-log4j2] SpComb edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
SpComb edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993560912 > I'm not quite sure what that means or where we should continue the discussion about that, if it's a new attack vector etc. This should really have been report

[GitHub] [logging-log4cxx] coldtobi commented on a change in pull request #83: Fix constructions of sed filter in corner cases

2021-12-14 Thread GitBox
coldtobi commented on a change in pull request #83: URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r768849479 ## File path: src/test/cpp/util/transformer.cpp ## @@ -116,14 +116,25 @@ void Transformer::createSedCommandFile(const std::string& regexName,

[GitHub] [logging-log4j2] iamamoose commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
iamamoose commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993792625 Please see https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f relating to CVE-2021-45046 (addressed by 2.16.0)

[GitHub] [logging-log4j2] vorburger opened a new pull request #629: Add new "When to use this the Log4j 1.x bridge" section to migration doc

2021-12-14 Thread GitBox
vorburger opened a new pull request #629: URL: https://github.com/apache/logging-log4j2/pull/629 @rgoers could something like this at the top of https://logging.apache.org/log4j/2.x/manual/migration.html be helpful? I'm happy to rephrase it if it have review feedback how what I'm trying to

[GitHub] [logging-log4j2] vorburger commented on pull request #629: Add new "When to use this the Log4j 1.x bridge" section to migration doc

2021-12-14 Thread GitBox
vorburger commented on pull request #629: URL: https://github.com/apache/logging-log4j2/pull/629#issuecomment-993948594 https://issues.apache.org/jira/browse/LOG4J2-3229 created for failing builds on ASF Jenkins (GitHub actions are still running as of writing this).

[GitHub] [logging-log4j2] vorburger commented on pull request #628: Fix minor typo in Log4j 1.2 Bridge

2021-12-14 Thread GitBox
vorburger commented on pull request #628: URL: https://github.com/apache/logging-log4j2/pull/628#issuecomment-993948671 https://issues.apache.org/jira/browse/LOG4J2-3229 created for failing builds on ASF Jenkins (GitHub actions are still running as of writing this).

[GitHub] [logging-log4j2] vy merged pull request #628: Fix minor typo in Log4j 1.2 Bridge

2021-12-14 Thread GitBox
vy merged pull request #628: URL: https://github.com/apache/logging-log4j2/pull/628

[GitHub] [logging-log4j2] rgoers merged pull request #629: Add new "When to use this the Log4j 1.x bridge" section to migration doc

2021-12-14 Thread GitBox
rgoers merged pull request #629: URL: https://github.com/apache/logging-log4j2/pull/629

[GitHub] [logging-log4j2] vy commented on pull request #629: Add new "When to use this the Log4j 1.x bridge" section to migration doc

2021-12-14 Thread GitBox
vy commented on pull request #629: URL: https://github.com/apache/logging-log4j2/pull/629#issuecomment-994080657 Backported to `release-2.x`. Will manually add to the website.

[GitHub] [logging-log4j2] vorburger commented on pull request #629: Add new "When to use this the Log4j 1.x bridge" section to migration doc

2021-12-14 Thread GitBox
vorburger commented on pull request #629: URL: https://github.com/apache/logging-log4j2/pull/629#issuecomment-994097069 See https://github.com/netty/netty/pull/11925 for an example of applying what I'm suggesting here to one of (many, of course) libraries and frameworks.

[GitHub] [logging-log4j2] rgoers commented on pull request #618: Check javaClassName before JNDI lookup

2021-12-14 Thread GitBox
rgoers commented on pull request #618: URL: https://github.com/apache/logging-log4j2/pull/618#issuecomment-994104873 We have agreed we will be removing ldap(s) and all the allowed lists, so this PR won't be necessary. But we do appreciate the work you did.

[GitHub] [logging-log4j2] rgoers closed pull request #618: Check javaClassName before JNDI lookup

2021-12-14 Thread GitBox
rgoers closed pull request #618: URL: https://github.com/apache/logging-log4j2/pull/618

[GitHub] [logging-log4j2] brunoborges commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
brunoborges commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994136147 Hey @vy has it been confirmed that the DoS Attack also happens on 2.0 ... 2.14.1, or if it is exclusive to 2.15.0 due to the fixes for log4shell?

[GitHub] [logging-log4j2] jvz commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
jvz commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994137682 DoS attack is applicable to the same version range as the RCE as well as including 2.15.0.

[GitHub] [logging-log4j2] brunoborges commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
brunoborges commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994139622 > DoS attack is applicable to the same version range as the RCE as well as including 2.15.0. Thanks, @jvz for confirming. It's just that the CVE [1] does not have

[GitHub] [logging-log4j2] brunoborges edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
brunoborges edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994139622 > DoS attack is applicable to the same version range as the RCE as well as including 2.15.0. Thanks, @jvz for confirming. It's just that the CVE [1] does n

[GitHub] [logging-log4cxx] fulldecent opened a new pull request #84: Fix underspecification for logger

2021-12-14 Thread GitBox
fulldecent opened a new pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84 (Please update this PR to fix all affected functions in all files. This is a zero-day live Twitch stream, can't type more here.) --- This function is specified as logging a string.

[GitHub] [logging-log4j2] jvz commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
jvz commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994145807 I've made a bunch of changes to the CVE description (at least for 44228), but they're awaiting approval from the Apache security team. The message lookup mitigations aren

[GitHub] [logging-log4j2] mallman commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
mallman commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994152245 > I can prepare PR for the removal of the offending classes. That is a non-issue. @vlsi Please do. I think this would be a very valuable effort.

[GitHub] [logging-log4j2] brunoborges commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
brunoborges commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994180618 While no Java version can effectively mitigate the issue, I want to point out that developers using `jlink` on Java 9+ for custom runtimes that do **not** include `java

[GitHub] [logging-log4j2] brunoborges edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
brunoborges edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994180618 While no Java version can effectively mitigate the issue, I want to point out that developers using `jlink` on Java 9+ for assembling custom runtimes that do **n

[GitHub] [logging-log4j2] jschauma commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
jschauma commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994182074 > The message lookup mitigations aren't sufficient to protect from either the DoS or RCE attacks. If mitigations, such as e.g., "-Dlog4j2.formatMsgNoLookups=true" a

[GitHub] [logging-log4j2] jvz commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
jvz commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994182822 There were changes made in 2.15.0 besides disabling message lookups. Those changes reduce the attack surface of JNDI lookups. It sounds like some clarifications are in order, t

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994184923 Hello Jan, Thank you for asking for clarification, we need to make our message as clear as possible. "If mitigations, such as e.g., "-Dlog4j2.formatMsgN

[GitHub] [logging-log4j2] jschauma commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
jschauma commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994193467 Thanks @garydgregory . Appreciate the clarity.

[GitHub] [logging-log4j2] yjqg6666 commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
yjqg commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994210122 For anyone following this issue. If you are using spring boot 4.3.27 or later/above, you could use spring.jndi.ignore=true to disable jndi completely using jvm properties

[GitHub] [logging-log4j2] yjqg6666 edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
yjqg edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994210122 For anyone following this issue. If you are using spring boot 4.3.27 or later/above, you could use spring.jndi.ignore=true to disable jndi completely using jvm pro

[GitHub] [logging-log4j2] yjqg6666 edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
yjqg edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994210122 For anyone following this issue. If you are using spring 4.3.27 or later/above, you could use spring.jndi.ignore=true to disable jndi completely using jvm properti

[GitHub] [logging-log4cxx] rm5248 commented on pull request #84: Fix underspecification for logger

2021-12-14 Thread GitBox
rm5248 commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994228341 I'm assuming that you're referring to CVE-2021-44228 in log4j2. Log4cxx does not (and as far as I am aware has never) supported any sort of parameter lookup inside of log mes

[GitHub] [logging-log4j2] EmYiQing commented on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
EmYiQing commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994307693 I reported this denial of Service Vulnerability (cve-2021-45046) to the logging PMC last week. Although I didn't propose threadcontext, I explained the trigger method of t

[GitHub] [logging-log4j2] EmYiQing edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-14 Thread GitBox
EmYiQing edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994307693 I reported this denial of Service Vulnerability (cve-2021-45046) to the logging PMC last week. Although I didn't propose threadcontext, I explained the trigger meth

[GitHub] [logging-log4cxx] ams-tschoening commented on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
ams-tschoening commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994469773 > [...]This is a zero-day live Twitch stream, can't type more here. I see how important things are for you... :-) Let's close, reads like nonsense to me. It's not

[GitHub] [logging-log4cxx] ams-tschoening commented on a change in pull request #83: Fix constructions of sed filter in corner cases

2021-12-15 Thread GitBox
ams-tschoening commented on a change in pull request #83: URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r769355155 ## File path: src/test/cpp/util/transformer.cpp ## @@ -116,14 +116,18 @@ void Transformer::createSedCommandFile(const std::string& regexName,

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994653193 > I reported this denial of Service Vulnerability (cve-2021-45046) to the logging PMC last week. Although I didn't propose threadcontext, I explained the trigger method of t

[GitHub] [logging-log4j2] EmYiQing commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
EmYiQing commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994669329 @remkop Thank you for your reply. I sent a vulnerability report to priv...@logging.apache.org on December 10 and received a reply and thanks from **Ralph Goers** five hou

[GitHub] [logging-log4cxx] fulldecent commented on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
fulldecent commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994867538 Coming back here with more time to type. This issue discussed here affects: - The Apache Log4j 2 API specification - Every Apache Log4j 2 implementation

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. And the `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://g

[GitHub] [logging-log4j2] fulldecent opened a new pull request #630: Log4j2 is still vulnerable and underspecified. This updates documenta…

2021-12-15 Thread GitBox
fulldecent opened a new pull request #630: URL: https://github.com/apache/logging-log4j2/pull/630 # Summary The log4j2 API is underspecified and still vulnerable to undefined behavior. Affects all versions up to and including the current 2.16.0. This quick PR fixes the docume

[GitHub] [logging-log4cxx] rm5248 commented on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
rm5248 commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994925954 You're confusing two projects here. Log4j2 is a logging implementation for Java. Log4cxx is a logging implementation for C++. It is largely based off of Log4j(1),

[GitHub] [logging-log4cxx] rm5248 closed pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
rm5248 closed pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84

[GitHub] [logging-log4cxx] ams-tschoening commented on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
ams-tschoening commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994927090 > This issue discussed here affects:[...] Log4cxx is neither API compatible with Log4j2 nor an implementation of that. AFAIK Log4cxx doesn't even claim to be so

[GitHub] [logging-log4cxx] fulldecent commented on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
fulldecent commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994936491 Thank you. Sorry for my confusion here. Yes, I see that Log4cxx is NOT an implementation of Log4j2. They are different things. The only thing the same is the inspir

[GitHub] [logging-log4cxx] fulldecent edited a comment on pull request #84: Fix underspecification for logger

2021-12-15 Thread GitBox
fulldecent edited a comment on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994936491 Thank you. Sorry for my confusion here. Yes, I see that Log4cxx is NOT an implementation of Log4j2. This issue applies only to Log4j2 implementations a

[GitHub] [logging-log4cxx] ams-tschoening commented on a change in pull request #83: Fix constructions of sed filter in corner cases

2021-12-15 Thread GitBox
ams-tschoening commented on a change in pull request #83: URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r769845917 ## File path: src/test/cpp/util/transformer.cpp ## @@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string& regexName,

[GitHub] [logging-log4j2] mrdgsmith commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
mrdgsmith commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995025131 > @remkop Thank you for your reply. I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a reply an

[GitHub] [logging-log4j2] mrdgsmith edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
mrdgsmith edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995025131 > @remkop Thank you for your reply I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a r

[GitHub] [logging-log4j2] EmYiQing commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
EmYiQing commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995268775 @mrdgsmith Here I discuss the denial of service vulnerability **CVE-2021-45046** rather than the remote code execution vulnerability **CVE-2021-44228**

[GitHub] [logging-log4j2] EmYiQing edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
EmYiQing edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995268775 @mrdgsmith Here I discuss the denial of service vulnerability **CVE-2021-45046** rather than the JNDI injection vulnerability **CVE-2021-44228**

[GitHub] [logging-log4j-site] rgoers edited a comment on pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
rgoers edited a comment on pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2#issuecomment-995278148 Was this done to asf-staging first? We always commit there and then merge or rebase to asf-site from asf-staging.

[GitHub] [logging-log4j-site] rgoers commented on pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
rgoers commented on pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2#issuecomment-995278148 Was this done to asf-staging first?

[GitHub] [logging-log4j2] EmYiQing edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
EmYiQing edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994307693 I reported this denial of service vulnerability (CVE-2021-45046) to the logging PMC last week. I proposed the core code and trigger method of denial of service vuln

[GitHub] [logging-log4j-site] sebbASF commented on pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
sebbASF commented on pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2#issuecomment-995281044 I did the same change to both files; take your pick

[GitHub] [logging-log4j-site] rgoers commented on pull request #3: Fix links for 2.3

2021-12-15 Thread GitBox
rgoers commented on pull request #3: URL: https://github.com/apache/logging-log4j-site/pull/3#issuecomment-995281273 Can you change this to apply to asf-staging first? We always commit there and then merge or rebase to asf-site from asf-staging.

[GitHub] [logging-log4j-site] sebbASF commented on pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
sebbASF commented on pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2#issuecomment-995281871 At least I intended to do so; looks like the same branch was updated twice

[GitHub] [logging-log4j-site] rgoers merged pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
rgoers merged pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2

[GitHub] [logging-log4j-site] rgoers commented on pull request #2: Fix links for release 2.3

2021-12-15 Thread GitBox
rgoers commented on pull request #2: URL: https://github.com/apache/logging-log4j-site/pull/2#issuecomment-995283886 Thanks Sebb. We appreciate the help.

[GitHub] [logging-log4j-site] sebbASF opened a new pull request #4: Yet more 2.3 fixes

2021-12-15 Thread GitBox
sebbASF opened a new pull request #4: URL: https://github.com/apache/logging-log4j-site/pull/4 Sorry, I missed some of the 2.3 files. Hopefully this is the last of them

[GitHub] [logging-log4j-site] garydgregory commented on pull request #4: Yet more 2.3 fixes

2021-12-15 Thread GitBox
garydgregory commented on pull request #4: URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995321695 Hi All, I think we are going to regenerate the whole 2.12.1 site soon in order to get back to where we started. I just pushed a site for 2.12.2. Now I am looking at

[GitHub] [logging-log4j-site] garydgregory edited a comment on pull request #4: Yet more 2.3 fixes

2021-12-15 Thread GitBox
garydgregory edited a comment on pull request #4: URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995321695 Hi All, I think we are going to regenerate the whole 2.12.1 site soon in order to get back to where we started. I just pushed a site for 2.12.2. Now I am look

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995427431 > > @remkop Thank you for your reply I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a reply and

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995427431 > > @remkop Thank you for your reply I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a re

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995427431 > > @remkop Thank you for your reply I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a re

[GitHub] [logging-log4j2] EmYiQing commented on pull request #608: Restrict LDAP access via JNDI

2021-12-15 Thread GitBox
EmYiQing commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995429097 @remkop Thank you very much for your work

[GitHub] [logging-log4j-site] remkop commented on pull request #4: Yet more 2.3 fixes

2021-12-15 Thread GitBox
remkop commented on pull request #4: URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995432928 FYI The site that @garydgregory created has been merged and is now live. The 2.12.1 site is no longer referenced from the main web site (https://logging.apache.org/log

[GitHub] [logging-log4j-site] remkop edited a comment on pull request #4: Yet more 2.3 fixes

2021-12-15 Thread GitBox
remkop edited a comment on pull request #4: URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995432928 FYI The 2.12.2 site that @garydgregory created has been merged and is now live. The 2.12.1 site is no longer referenced from the main web site (https://logging.

[GitHub] [logging-log4j2] ichux commented on a change in pull request #607: LOG4J2-3198: Log4j2 no longer formats lookups in messages by default

2021-12-15 Thread GitBox
ichux commented on a change in pull request #607: URL: https://github.com/apache/logging-log4j2/pull/607#discussion_r770242666 ## File path: src/site/xdoc/manual/layouts.xml.vm ## @@ -1455,9 +1455,9 @@ WARN [main]: Message 2 -
