sigh.. so 2.17.1 IS a security fix now? XenoAmess ________________________________ From: Matt Sicker <boa...@gmail.com> Sent: Wednesday, December 29, 2021 4:07:48 AM To: dev@logging.apache.org <dev@logging.apache.org> Subject: Re: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
There’s no specific commit yet, just branches. The commits are coming over the next few hours as we cut the release candidates. -- Matt Sicker > On Dec 28, 2021, at 14:06, Jason Pyeron <jpye...@pdinc.us> wrote: > >> -----Original Message----- >> From: Gary Gregory >> Sent: Tuesday, December 28, 2021 3:02 PM >> > <snip/> >> >> 2.12.4 and 2.3.2 are brewing. > > I see, are they in git? If so, what commit? > > -Jason >