Github's Dependabot says very publicly that our Log4Net.dll has an XXE
vulnerability. That's the issue.
We don't load Robust.exe.config or Opensim.exe.config with user supplied
data, so AFAIK, we don't have a exploitable security issue. But that
may not matter. IT professionals will be much more sensitive to XXE
after their Log4J remediation efforts.
We all know that the major sponsors of Opensim are Universities. Their
IT departments are under attack.
~ Fred
_______________________________________________
Opensim-dev mailing list
Opensim-dev@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev