coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770247583
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770247583
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770247583
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770247583
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770247583
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
quaff commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995493864
@remkop Description of `CVE-2021-45046` is not accurate, could you verify
and update security page?
> Thread Context Map pattern (%X, %mdc, or %MDC)
I can confirm th
fluffynuts merged pull request #78:
URL: https://github.com/apache/logging-log4net/pull/78
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notific
remkop commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995496519
@quaff Good point yes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the s
quaff edited a comment on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995493864
@remkop Description of `CVE-2021-45046` is not accurate, could you verify
and update security page?
> Thread Context Map pattern (%X, %mdc, or %MDC)
I can con
fluffynuts merged pull request #79:
URL: https://github.com/apache/logging-log4net/pull/79
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notific
EmYiQing commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995498548
@remkop
Friends, For more analysis on denial of service vulnerabilities, please
refer to my article: https://xz.aliyun.com/t/10670
(If you can't understand the a
EmYiQing removed a comment on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995498548
@remkop
Friends, For more analysis on denial of service vulnerabilities, please
refer to my article: https://xz.aliyun.com/t/10670
(If you can't understa
ams-tschoening commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770285461
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
ams-tschoening merged pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: not
quaff commented on pull request #617:
URL: https://github.com/apache/logging-log4j2/pull/617#issuecomment-995530594
This fix works.
Before this commit `${spring:spring.application.name:-unknown}` will always
be `unknown` even `spring.application.name` present.
--
This is an automated
zhuyou1234 opened a new pull request #631:
URL: https://github.com/apache/logging-log4j2/pull/631
should be allowed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comm
zhuyou1234 opened a new pull request #632:
URL: https://github.com/apache/logging-log4j2/pull/632
tip message is not accurate。required check null and empty
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above
SkySwimmer opened a new pull request #633:
URL: https://github.com/apache/logging-log4j2/pull/633
I have completely removed JNDI from the Interpolator, so that the
CVE-2021-44228 exploit will not be able to call LDAP.
```java
// Interpolator.java (org.apache.logging.log4j.core.loo
SkySwimmer commented on pull request #633:
URL: https://github.com/apache/logging-log4j2/pull/633#issuecomment-995739315
Sorry if this patch is redundant, i wasn't sure it was patched anymore
--
This is an automated message from the Apache Git Service.
To respond to the message, please lo
SkySwimmer edited a comment on pull request #633:
URL: https://github.com/apache/logging-log4j2/pull/633#issuecomment-995739315
Sorry if this patch is redundant, i wasn't sure it was patched already
--
This is an automated message from the Apache Git Service.
To respond to the message, pl
sebbASF commented on pull request #4:
URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995744256
Unfortunately the new 2.12.2 download page:
https://logging.apache.org/log4j/log4j-2.12.2/download.html
has restored all the old links, so there is no access to version
SkySwimmer commented on pull request #633:
URL: https://github.com/apache/logging-log4j2/pull/633#issuecomment-995756888
Sorry about the capitalization of the title
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
sebbASF opened a new pull request #5:
URL: https://github.com/apache/logging-log4j-site/pull/5
Also fix a couple of hash names
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific commen
SkySwimmer closed pull request #633:
URL: https://github.com/apache/logging-log4j2/pull/633
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifi
rm5248 commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r770518357
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
garydgregory commented on pull request #4:
URL: https://github.com/apache/logging-log4j-site/pull/4#issuecomment-995798380
I generated the 2.12.2 site from sources, it never existed before. The
2.12.1 folder was hand edited for 2.12.2 so we need to clean all that up,
but at least 2.3 i
garydgregory merged pull request #5:
URL: https://github.com/apache/logging-log4j-site/pull/5
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: noti
garydgregory commented on pull request #5:
URL: https://github.com/apache/logging-log4j-site/pull/5#issuecomment-995802083
TY @sebbASF !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the speci
sebbASF commented on pull request #5:
URL: https://github.com/apache/logging-log4j-site/pull/5#issuecomment-995819946
I would also have submitted a patch for the source that creates the page,
but I could not work out where that is.
It also needs to be applied to the production site...
garydgregory commented on a change in pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#discussion_r770718080
##
File path: log4j-api/src/main/java/org/apache/logging/log4j/Logger.java
##
@@ -137,7 +137,7 @@
* Logs a message CharSequence with the {
ron-murhammer opened a new pull request #6:
URL: https://github.com/apache/logging-log4j-site/pull/6
Remove reference to release 2.12.2 being a work in progress
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL
mdolinin opened a new pull request #634:
URL: https://github.com/apache/logging-log4j2/pull/634
…
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: n
mdolinin closed pull request #634:
URL: https://github.com/apache/logging-log4j2/pull/634
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifica
sullis opened a new pull request #635:
URL: https://github.com/apache/logging-log4j2/pull/635
The cache action is no longer needed.
We already have the 'cache' property enabled in setup-java.
--
This is an automated message from the Apache Git Service.
To respond to the message, p
mikkorantalainen commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-996316597
I think InterpretedMessage would be problematic, too, because it can be
understood as "message to be interpreted in the future" or "message that has
already been i
fulldecent commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-996338330
There can be good and bad arguments for any name choice. I've made my
recommendation and the final decision is above my pay grade.
But I think we can agree that t
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r771167930
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
coldtobi commented on a change in pull request #83:
URL: https://github.com/apache/logging-log4cxx/pull/83#discussion_r771167930
##
File path: src/test/cpp/util/transformer.cpp
##
@@ -116,14 +116,29 @@ void Transformer::createSedCommandFile(const std::string&
regexName,
rocketraman commented on pull request #14:
URL:
https://github.com/apache/logging-log4j-kotlin/pull/14#issuecomment-996528405
Now that 1.6 is out, its time to resurrect this and move to 1.4.
--
This is an automated message from the Apache Git Service.
To respond to the message, please lo
mikaello opened a new pull request #14:
URL: https://github.com/apache/logging-log4j-kotlin/pull/14
I am using this library in my application, but it prevents me from upgrading
to Kotlin v1.4 since this library includes Kotlin v1.3.72. I can force my
application to use Kotlin stdlib 1.3, b
michael-buerkle opened a new pull request #636:
URL: https://github.com/apache/logging-log4j2/pull/636
According to
https://logging.apache.org/log4j/2.x/log4j-core/apidocs/org/apache/logging/log4j/core/appender/rolling/action/Duration.html#parseCharSequence
a Duration looks like "P2D"
qxo opened a new pull request #637:
URL: https://github.com/apache/logging-log4j2/pull/637
so we can change the load order if we need:
such as lock some properties for force disable some feature we don't need.
ie:
SystemPropertiesPropertySource is priority=100, if we wan
garydgregory merged pull request #635:
URL: https://github.com/apache/logging-log4j2/pull/635
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: noti
garydgregory commented on pull request #636:
URL: https://github.com/apache/logging-log4j2/pull/636#issuecomment-996675898
FYI: The current documentation is in the branch release-2.x
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to G
qxo opened a new pull request #638:
URL: https://github.com/apache/logging-log4j2/pull/638
recursive substitute suck, we can switch it off in the
log4j2.component.properties:
```
log4j2.enableSubstitutionInVariables=false
```
--
This is an automated message from the Apache Git S
qxo commented on pull request #638:
URL: https://github.com/apache/logging-log4j2/pull/638#issuecomment-996713347
> Thank you for the proposal, I am handling this in a different way for
2.17.0.
ok:)
--
This is an automated message from the Apache Git Service.
To respond to the mes
michael-buerkle commented on pull request #636:
URL: https://github.com/apache/logging-log4j2/pull/636#issuecomment-996721500
@garydgregory: Thank you for that hint.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
michael-buerkle closed pull request #636:
URL: https://github.com/apache/logging-log4j2/pull/636
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: n
michael-buerkle opened a new pull request #639:
URL: https://github.com/apache/logging-log4j2/pull/639
According to
https://logging.apache.org/log4j/2.x/log4j-core/apidocs/org/apache/logging/log4j/core/appender/rolling/action/Duration.html#parseCharSequence
a Duration looks like "P2D"
remkop commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-997062659
Thank you for your analysis and writeup.
I can understand how there can be potential confusion between a call to
`logger.debug(String)`, `logger.debug(Object)` and `lo
remkop edited a comment on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-997062659
Thank you for your analysis and writeup.
I can understand how there can be potential confusion between a call to
`logger.debug(String)`, `logger.debug(Object)`
remkop edited a comment on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-997062659
Thank you for your analysis and writeup.
I can understand how there can be potential confusion between a call to
`logger.debug(String)`, `logger.debug(Object)`
remkop edited a comment on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-997062659
Thank you for your analysis and writeup.
I can understand how there can be potential confusion between a call to
`logger.debug(String)`, `logger.debug(Object)`
remkop removed a comment on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-997062659
Thank you for your analysis and writeup.
I can understand how there can be potential confusion between a call to
`logger.debug(String)`, `logger.debug(Object)`
garydgregory merged pull request #639:
URL: https://github.com/apache/logging-log4j2/pull/639
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: noti
remkop commented on pull request #639:
URL: https://github.com/apache/logging-log4j2/pull/639#issuecomment-997132387
Merged. Will be included in the next Log4j2 release.
Thank you for the contribution!
--
This is an automated message from the Apache Git Service.
To respond to the messa
rm5248 commented on pull request #81:
URL: https://github.com/apache/logging-log4cxx/pull/81#issuecomment-997136517
I've made a new PR with the changes, if you are able to review that would be
helpful: https://github.com/apache/logging-log4cxx/pull/85
--
This is an automated message from
coldtobi commented on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997162275
LGTM
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
coldtobi edited a comment on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997162275
LGTM!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific co
coldtobi edited a comment on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997162275
LGTM! (Tested for my Debian packaging, this should solve the problems I saw
there.)
--
This is an automated message from the Apache Git Service.
To respond to the
coldtobi edited a comment on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997162275
LGTM! (Tested for my Debian packaging, this should solve my problems I had
there.)
--
This is an automated message from the Apache Git Service.
To respond to the m
coldtobi closed pull request #81:
URL: https://github.com/apache/logging-log4cxx/pull/81
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificat
coldtobi commented on pull request #81:
URL: https://github.com/apache/logging-log4cxx/pull/81#issuecomment-997165067
> I've made a new PR with the changes, if you are able to review that would
be helpful: #85
#85 works for me; I guess then lets close this PR, as #85 succeeds it.
-
coldtobi edited a comment on pull request #81:
URL: https://github.com/apache/logging-log4cxx/pull/81#issuecomment-997165067
> I've made a new PR with the changes, if you are able to review that would
be helpful: #85
#85 works for me; I guess then lets close this PR, as #85 replaces
coldtobi edited a comment on pull request #81:
URL: https://github.com/apache/logging-log4cxx/pull/81#issuecomment-997165067
> I've made a new PR with the changes, if you are able to review that would
be helpful: #85
#85 works for me; I guess then lets close this PR, as #85 replaces
coldtobi commented on pull request #79:
URL: https://github.com/apache/logging-log4cxx/pull/79#issuecomment-997165526
@ams-tschoening do you want to take another look or did I miss an open
point? (dead lock avoidance)
--
This is an automated message from the Apache Git Service.
To respon
ams-tschoening commented on pull request #79:
URL: https://github.com/apache/logging-log4cxx/pull/79#issuecomment-997180649
Things look fine for me and running tests on my system still works.
Regarding the
[segfault](https://issues.apache.org/jira/browse/LOGCXX-322?focusedCommentId=1745755
coldtobi commented on pull request #79:
URL: https://github.com/apache/logging-log4cxx/pull/79#issuecomment-997182946
I've got no preferences about the merge order, so just do as you see fit.
thanks foor looking into it!
--
This is an automated message from the Apache Git Service.
ams-tschoening merged pull request #79:
URL: https://github.com/apache/logging-log4cxx/pull/79
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: not
ams-tschoening commented on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997186592
The failing sockjetservertestcase doesn't seem related, so am merging anyway.
```
49: socketservertestcase 8 1 12.50%
49/63 Test #
ams-tschoening merged pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: not
ams-tschoening edited a comment on pull request #85:
URL: https://github.com/apache/logging-log4cxx/pull/85#issuecomment-997186592
The failing sockjetservertestcase doesn't seem related and all test worked
on my local Windows, so am merging anyway for now.
```
49: socketservertest
dongjinleekr commented on pull request #640:
URL: https://github.com/apache/logging-log4j2/pull/640#issuecomment-997200527
@garydgregory So, you mean...
1. Make a list of `kafka-clients` packages in the resources directory.
2. When KafkaAppender is initialized, load 1.
3. Determ
garydgregory commented on pull request #640:
URL: https://github.com/apache/logging-log4j2/pull/640#issuecomment-997202196
> @garydgregory So, you mean...
>
> 1. Make a list of `kafka-clients` packages in the resources directory.
> 2. When KafkaAppender is initialized, load 1.
>
dongjinleekr commented on pull request #640:
URL: https://github.com/apache/logging-log4j2/pull/640#issuecomment-997202943
@garydgregory Great, with more maintainability! :+1:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub a
rgoers merged pull request #626:
URL: https://github.com/apache/logging-log4j2/pull/626
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificati
carterkozak opened a new pull request #641:
URL: https://github.com/apache/logging-log4j2/pull/641
cherry-pick of 806023265f8c905b2dd1d81fd2458f64b2ea0b5e
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above
carterkozak commented on a change in pull request #641:
URL: https://github.com/apache/logging-log4j2/pull/641#discussion_r771879643
##
File path:
log4j-core/src/main/java/org/apache/logging/log4j/core/config/plugins/util/PluginBuilder.java
##
@@ -180,7 +181,9 @@ private void
carterkozak commented on a change in pull request #641:
URL: https://github.com/apache/logging-log4j2/pull/641#discussion_r771879822
##
File path:
log4j-core/src/main/java/org/apache/logging/log4j/core/lookup/StrSubstitutor.java
##
@@ -22,11 +22,13 @@
import java.util.Iterato
rgoers merged pull request #641:
URL: https://github.com/apache/logging-log4j2/pull/641
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notificati
KristjanESPERANTO opened a new pull request #642:
URL: https://github.com/apache/logging-log4j2/pull/642
It's a minor detail, but I didn't find any reference to the release history
in the repository.
--
This is an automated message from the Apache Git Service.
To respond to the message,
Sadboipoor commented on pull request #82:
URL: https://github.com/apache/logging-log4cxx/pull/82#issuecomment-997399720
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To u
Sadboipoor commented on a change in pull request #75:
URL: https://github.com/apache/logging-log4cxx/pull/75#discussion_r771956556
##
File path: src/main/cpp/locationinfo.cpp
##
@@ -102,6 +120,14 @@ const char* LocationInfo::getFileName() const
return fileName;
}
+/*
dpsenner opened a new pull request #643:
URL: https://github.com/apache/logging-log4j2/pull/643
This PR adds a sentence that explains users what to do before posting
messages to a mailing list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please
srdo opened a new pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644
I've hard coded the limit to 10. If you feel the limit needs to be
configurable (via system property or the log4j config?), let me know and I'll
adjust.
I couldn't find a good way to keep the
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997461040
Jira https://issues.apache.org/jira/browse/LOG4J2-3259
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use
garydgregory commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997461971
Hi @srdo
Wrong branch: You want to target `release-2.x`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to
srdo closed pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notification
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997462128
@garydgregory Thanks, will close this and move it to another branch. I
assume you cherry-pick/merge forward on this project then?
--
This is an automated message from the Ap
garydgregory commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997464275
> @garydgregory Thanks, will close this and move it to another branch. I
assume you cherry-pick/merge forward on this project then?
No, just a plain merge from G
garydgregory edited a comment on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997464275
> @garydgregory Thanks, will close this and move it to another branch. I
assume you cherry-pick/merge forward on this project then?
Yes, just a plain merg
garydgregory edited a comment on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997464275
> @garydgregory Thanks, will close this and move it to another branch. I
assume you cherry-pick/merge forward on this project then?
Yes, just a plain merg
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997469084
Sorry, I should have asked more clearly. What I meant was "How are you
ensuring that this fix will also be applied to master, is it by cherry-pick or
by merging 2.x into maste
quaff commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-997530030
> @remkop Description of `CVE-2021-45046` is not accurate, could you verify
and update security page?
>
> > Thread Context Map pattern (%X, %mdc, or %MDC)
>
> I
remkop commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-997537941
@quaff Thanks for noticing this!
The Log4j [security
page](https://logging.apache.org/log4j/2.x/security.html) has already been
updated to reflect this.
I believe
quaff commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997665780
@srdo , I think your PR should be closed, `isRecursiveEvaluationAllowed()`
is introduced by
https://github.com/apache/logging-log4j2/commit/806023265f8c905b2dd1d81fd2458f64b2
quaff commented on pull request #617:
URL: https://github.com/apache/logging-log4j2/pull/617#issuecomment-997667402
@rgoers , Please take a look at this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above t
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997681581
@quaff I don't think that fixes the same thing? This fix is trying to limit
recursion depth in all cases, the fix you are linking disables recursion in
some cases.
--
This
quaff commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997687041
> @quaff I don't think that fixes the same thing? This fix is trying to
limit recursion depth in all cases, the fix you are linking disables recursion
in some cases.
L
srdo commented on pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#issuecomment-997693611
You are right that 3230 fixes the vulnerability, I'm not opening this PR to
fix a known problem. I'm coming at this from the point of view that if there is
no reason to allow
3901 - 4000 of 7264 matches
Mail list logo
