Hi Milind, log4net is not log4j and therefore the recent log4j vulnerability is unrelated to log4net. Beyond that, the Apache Software Foundation is vendor neutral.
Warm regards, Dominik On Fri, 17 Dec 2021 at 22:24, Milind Wankhede <mwankh...@smbc-cm.com> wrote: > Good Morning/Afternoon, > As you may know, a cyber-vulnerability impacting Java Library: log4j was > recently identified. > DHS warns of critical flaw in widely used software - CNNPolitics< > https://www.cnn.com/2021/12/11/politics/dhs-log4j-software-flaw-warning/index.html > > > > As a result and to provide our regulators confidence in our management of > the impact, we are engaging our vendors to determine both if they were > impacted (Yes/No) and if "Yes" what "Actions were taken?" > > We ask you consider in your response any 3rd party vendors which your > business may share SMBC data with as well. > > We are looking for impact on Log4Net project/Library. > > Vendor Reported Impact (Yes or No) > Actions Taken (If Any or N/A) > Impact to SMBC (Yes/No) > > > Please reply to all on this mail. > > To ensure we are in compliance with regulatory obligations we ask that you > please respond within 48 hours of this mail. > > Thank you, > > > Thanks & Regards! > Milind Wankhede > SMBC Capital Markets, Inc. > 277 Park Ave New York NY 10172 > Phone: (212) 224-5221 | Email: mwankh...@smbc-cm.com<mailto: > mwankh...@smbc-cm.com> > > This message, including any attachments, may contain information that is > privileged, confidential and/or protected by copyright, and is subject to > the terms available at > https://www.smbcgroup.com/americas/disclaimers/emaildisclaimer.html/ > If you are not the intended recipient, or have received this message in > error, please notify the sender immediately and delete this message. > -- Dominik Psenner
