ams-tschoening commented on pull request #84: URL: https://github.com/apache/logging-log4cxx/pull/84#issuecomment-994927090
> This issue discussed here affects:[...] Log4cxx is neither API compatible with Log4j2 nor an implementation of that. AFAIK Log4cxx doesn't even claim to be so anywhere. > This is a normative statement which significantly describes methods in log4cxx and every other implementation. No it doesn't. > That means that any API documentation and implementation of Log4j 2 (including log4cxx)[...] That claim is wrong. > [...]MUST (meaning defined in RFC 2119) support Messages. No it doesn't. > Required fix for API conformance Log4cxx doesn't claim to be API compatible with Log4j2 and of course doesn't need to. No logging framework needs to be and can freely decide that on its own. Your PR doesn't make any sense: It speaks about STRINGS in the added comment, while you are now discussing somwthing about `Messages` vs. `messages` vs. strings and are trying to convince people to implement one over the other for crude reasons. Besides that, you are claiming that shell code can be executed in your PR without proving that in any way. And even if Log4cxx would implement `Messages` like designed by Log4j2, that itself wouldn't necessarily mean that Log4cxx would be vulnerable in the same way like Log4j2 is with Log4Shell. Closing, because this doesn't seem to lead anywhere useful. @rm5248 Feel free to correct me. :-) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org