sigh.. so 2.17.1 IS a security fix now? XenoAmess ________________________________ From: Matt Sicker <[email protected]> Sent: Wednesday, December 29, 2021 4:07:48 AM To: [email protected] <[email protected]> Subject: Re: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
There’s no specific commit yet, just branches. The commits are coming over the next few hours as we cut the release candidates. -- Matt Sicker > On Dec 28, 2021, at 14:06, Jason Pyeron <[email protected]> wrote: > >> -----Original Message----- >> From: Gary Gregory >> Sent: Tuesday, December 28, 2021 3:02 PM >> > <snip/> >> >> 2.12.4 and 2.3.2 are brewing. > > I see, are they in git? If so, what commit? > > -Jason >
