Hi Arjohn,
I would consider logback version 1.2.9 a security fix.
--
Ceki Gülcü
Please contact suppport(at)qos.ch for donations, sponsorship or support
contracts related to SLF4J or logback projects.
On 17/12/2021 10:00, Arjohn Kampman wrote:
Hi,
First of all: thank you for looking into the vulnerabilities related to
the log4j news. The announcement about the 1.2.9 release is a bit light
on details in how it differs from the 1.2.8 release. I thought the 1.2.8
disabled all the critical bits, which makes it safe to use again, but
the news article indicates that any version prior to 1.2.9 (including
1.2.8) is vulnerable. So does this mean that 1.2.9 fixes yet more
security issues, or is this more about re-enabling some things that have
been disabled in 1.2.8?
Regards,
Arjohn Kampman
_______________________________________________
logback-user mailing list
http://mailman.qos.ch/mailman/listinfo/logback-user