remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995427431
> > @remkop Thank you for your reply I sent a vulnerability report to [priv...@logging.apache.org](mailto:priv...@logging.apache.org) on December 10 and received a reply and thanks from **Ralgh Goers** five hours later. **[CVE-2021-45046](https://github.com/advisories/GHSA-7rjr-3q55-vv33)** seems to have been proposed two days ago. It seems that I am ahead. I just hope my name: 4ra1n can join credit of `CVE-2021-45046` on the page `https://logging.apache.org/log4j/2.x/security.htm` I hope you can remember to add my name after your current work. I will be very grateful > > @EmYiQing The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team - https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/ > > https://logging.apache.org/log4j/2.x/security.html ![image](https://user-images.githubusercontent.com/17816263/146240814-0ac7186e-f0fa-4004-a974-522ed7d57e78.png) @EmYiQing I updated the credit section for the `CVE-2021-45046` vulnerability on the [security](https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046) page. We will change the CVE itself next. Thank you again very much for your contribution! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org