This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/master by this push:
new 60d14ab6aa Update security page to reflect that config access won't
qualify
60d14ab6aa is described below
commit 60d14ab6aaacbf8a2a59c94d00904858659572d9
Author: Volkan Yazıcı <[email protected]>
AuthorDate: Fri Feb 3 14:29:57 2023 +0100
Update security page to reflect that config access won't qualify
---
src/site/asciidoc/security.adoc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/site/asciidoc/security.adoc b/src/site/asciidoc/security.adoc
index ab9a90efd9..81c510e2ff 100644
--- a/src/site/asciidoc/security.adoc
+++ b/src/site/asciidoc/security.adoc
@@ -42,7 +42,9 @@ Log4j Users mailing list
If you have encountered an unlisted security vulnerability or other unexpected
behaviour
that has security impact, or if the descriptions here are incomplete, please
report them
-privately to the mailto:[email protected][Log4j Security Team]. Thank
you.
+privately to mailto:[email protected][the Log4j Security Team].
+Note that reports assuming attacker's access to the Log4j configuration will
not qualify as a vulnerability.
+Thank you for your understanding and help!
[#log4j-2-15-0]
=== Fixed in Log4j 2.15.0
