This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push: new b97a3c5 Sentence should start with a capital letter. b97a3c5 is described below commit b97a3c52f88ba13dac16ec0eb2664d479fdc7438 Author: Gary Gregory <garydgreg...@gmail.com> AuthorDate: Tue Dec 14 10:16:03 2021 -0500 Sentence should start with a capital letter. --- src/site/markdown/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 6853151..1967b6f 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -70,7 +70,7 @@ substitution is enabled. **Log4j 1.x mitigation**: Log4j 1.x does not have Lookups so the risk is lower. Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. A separate CVE (CVE-2021-4104) has been filed for this vulnerability. -To mitigate: audit your logging configuration to ensure it has no JMSAppender configured. +To mitigate: Audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability. **Log4j 2.x mitigation**: Implement one of the mitigation techniques below.