brunoborges edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994180618
While no Java version can effectively mitigate the issue, I want to point out that developers using `jlink` on Java 9+ for assembling custom runtimes that do **not** include `java.naming` module, are in fact not vulnerable to any JNDI related attack. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org