[
https://issues.apache.org/jira/browse/LOG4J2-3233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459640#comment-17459640
]
Gary D. Gregory commented on LOG4J2-3233:
-----------------------------------------
I am wondering what you are really using because there are no 1.3 or 1.4
versions. Please verify which jar files you are using and list their names.
> Log4j 1.x.xx vulnerability assessment
> -------------------------------------
>
> Key: LOG4J2-3233
> URL: https://issues.apache.org/jira/browse/LOG4J2-3233
> Project: Log4j 2
> Issue Type: Bug
> Components: log4j 1.2 emulation, Log4j-to-SLF4J
> Environment: PRODUCTION
> Reporter: Ram Subramanian
> Priority: Major
>
> Hi Team,
>
> We are running legacy decade old applications using log4j 1.2.13 and log4j
> 1.2.17 , log4j 1.3.xx and 1.4.xx
>
> Question:
> are the above older log4j 1.xx versions been impacted by the security
> vulnerability for log4j2
>
> Any help and clarity is much appreciated
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
