This is an automated email from the ASF dual-hosted git repository.

rpopma pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git


The following commit(s) were added to refs/heads/release-2.x by this push:
     new 2db53f8  [DOC] fix typo
2db53f8 is described below

commit 2db53f87d4269271ab746c0b67f4c7bdce1f79dd
Author: rpopma <rpo...@apache.org>
AuthorDate: Thu Dec 16 12:25:50 2021 +0900

    [DOC] fix typo
---
 src/site/markdown/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index d22f577..71623bb 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -59,7 +59,7 @@ Thread Context Message Pattern and Context Lookup Pattern 
vulnerable to a Denial
 | Versions Affected | All versions from 2.0-beta9 to 2.15.0 |
 
 ### Description
-It was found that the fix to address 
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) 
in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. 
This could allows attackers with control over Thread Context Map (MDC) input 
data when the logging configuration uses a non-default Pattern Layout with 
either a Context Lookup (for example, ``$${ctx:loginId})`` or a Thread Context 
Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data [...]
+It was found that the fix to address 
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) 
in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. 
This could allow attackers with control over Thread Context Map (MDC) input 
data when the logging configuration uses a non-default Pattern Layout with 
either a Context Lookup (for example, ``$${ctx:loginId})`` or a Thread Context 
Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data  [...]
 
 
 ### Mitigation
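Review bot: The replacement Description line still carries a second markup slip in the Context Lookup example: the closing parenthesis sits inside the inline code span (``$${ctx:loginId})``), so it renders as part of the lookup string rather than as the end of the parenthetical. Since this commit already rewrites the line for the "allows" to "allow" fix, move the parenthesis outside the backticks so that the code span ends at `}`. The sentence is also hard to parse: the clause from "when the logging configuration uses" through the list of `%X`, `%mdc`, `%MDC` sits between "allow attackers" and "to craft". Setting that clause off with commas, or splitting the sentence, would make the affected configurations easier to pick out for readers checking their own Pattern Layout.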
