Hi Vladimir, On Thu, 5 Oct 2023 at 21:47, Klebanov, Vladimir <vladimir.kleba...@sap.com.invalid> wrote: > I would like to contribute some code in order to make log4j usage more > secure. I have now sent two emails to the log4j security team but did not > receive a response. Is anybody here interested? How can we discuss this > further?
Both times (10 Aug 2023, 23:19 and 29 Aug 2023, 20:49) we sent an answer to your address at sap.com. Anyway the general consensus was that the issue with generating HTML using PatternLayout does not constitute a security problem and you can discuss it on this mailing list or file an issue in Github issues. Piotr