Hello
Let me describe the idea for 3 recent and 3 older Log41 CVEs:
- CVE-2022-23302:Deserialization of untrusted data in JMSSink
(org.apache.log4j.net.JMSSink#main())
- CVE-2022-23305: SQL injection in JDBC Appender
- CVE-2022-23307: A deserialization flaw in the Chainsaw component
[
https://issues.apache.org/jira/browse/FELIX-6499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved FELIX-6499.
-
Resolution: Fixed
> Add option to monitor service to always log with info level
>
[
https://issues.apache.org/jira/browse/FELIX-6499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17479187#comment-17479187
]
Carsten Ziegeler commented on FELIX-6499:
-
Thanks [~henzlerg]
> Add option to monitor service to
[
https://issues.apache.org/jira/browse/FELIX-6499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17479163#comment-17479163
]
Georg Henzler commented on FELIX-6499:
--
Fair enough, then