can someone help me unsubscribe to this email group ? I have tried manytimes , but not succeeded ?
-Mayank On Tue, Dec 14, 2021 at 12:16 PM Dominik Psenner <dpsen...@gmail.com> wrote: > This question has been asked several times now. I'm proposing to update the > website so that it is more obvious that log4net and log4xx are not > affected. > > On Tue, 14 Dec 2021 at 17:48, Matt Sicker <boa...@gmail.com> wrote: > > > JNDI is a Java API (Java Naming and Directory Interface) for abstracting > > various networking APIs like LDAP, DNS, etc. It’s not present in .NET or > > C++ (or any non-JVM language), so it does not affect log4net or log4cxx. > > -- > > Matt Sicker > > > > > On Dec 14, 2021, at 08:54, David Schwartz <david.schwa...@ni.com> > wrote: > > > > > > Hi Joe, > > > > > > Adding to what Davyd wrote. I just searched the codebase and the > > JndiLookup class (where the log4j vulnerability was found) does not exist > > in log4net. In fact, there is no code related to jndi at all as far as I > > can see. > > > > > > David > > > > > > -----Original Message----- > > > From: Davyd McColl <dav...@gmail.com <mailto:dav...@gmail.com>> > > > Sent: Tuesday, December 14, 2021 4:10 PM > > > To: dev@logging.apache.org <mailto:dev@logging.apache.org> > > > Subject: [EXTERNAL] Re: log4net > > > > > > Hi Joe > > > > > > No, it shouldn't, particularly because we're very different projects, > on > > very different platforms, and I understand that the log4j vuln is largely > > linked to a _dependency_ of log4j. The closest we've had was an xml vuln > > that was patched some time ago. > > > > > > That being said, I'm currently the only maintainer and I definitely > have > > written the least code in log4net, so if you or anyone else would like to > > audit for vulnerabilities (and, even better, PR mitigations), I'm all for > > it. > > > > > > -d > > > > > > > > > On December 14, 2021 16:03:39 Joe Kelly <joe.ke...@okcu.org> wrote: > > > > > >> I was wondering if the log4net service has a similar vulnerability as > > >> log4j. There isn't any information on the log4net security page and > > >> the current version of 2.0.13 doesn't match the log4j version of > 2.16.0. > > >> > > >> Joe Kelly > > >> Information Security Analyst > > >> P: 405.763.5425 > > >> F: 405.602.6337 > > >> > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55 > > <https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55> > > >> e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouaTpixMWg$ > > >> < > https://urldefense.com/v3/__https://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye > > <https://urldefense.com/v3/__https://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye> > > >> 55e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouYBYxYhmg$ > > > >> > > >> joe.ke...@okcu.org <mailto:joe.ke...@okcu.org> <mailto: > > joe.ke...@okcu.org <mailto:joe.ke...@okcu.org>> Oklahoma's Credit Union > > >> Happy to Help(r) > > >> > > >> > > >> > > >> > > >> > > >> ________________________________ > > >> > > >> NOTICE: > > >> This e-mail is intended solely for the use of the individual to whom > > >> it is addressed and may contain information that is privileged, > > >> confidential or otherwise exempt from disclosure. If the reader of > > >> this e-mail is not the intended recipient or the employee or agent > > >> responsible for delivering the message to the intended recipient, you > > >> are hereby notified that any dissemination, distribution, or copying > > >> of this communication is strictly prohibited. If you have received > > >> this communication in error, please immediately notify us by replying > > >> to the original message at the listed email address. > > >> > > >> Happy to Help > > >> Oklahoma's Credit Union > > >> > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55 > > <https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55> > > >> e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouaTpixMWg$ > > > > > > INTERNAL - NI CONFIDENTIAL > > > > > > -- > Dominik Psenner > -- Regards Mayank
