Hi,
First of all: thank you for looking into the vulnerabilities related to
the log4j news. The announcement about the 1.2.9 release is a bit light
on details in how it differs from the 1.2.8 release. I thought the 1.2.8
disabled all the critical bits, which makes it safe to use again, but
the news article indicates that any version prior to 1.2.9 (including
1.2.8) is vulnerable. So does this mean that 1.2.9 fixes yet more
security issues, or is this more about re-enabling some things that have
been disabled in 1.2.8?
Regards,
Arjohn Kampman
_______________________________________________
logback-user mailing list
[email protected]
http://mailman.qos.ch/mailman/listinfo/logback-user
