One person's EOL is another person's open source business model ! (RHEL
subscriptions are not cheap!)
Anyway, quick FYI - I noticed Atlassian has rev'd log4j-1.2.17 fifteen
times ! Might be some good patches in there. They do publish the
"sources.jar":
e!
On Thu, Dec 30, 2021 at 9:01 AM Julius Davies
wrote:
> Hello,
>
> Long time lurker here.
>
> There are probably tens of thousands of CVEs in the NVD that are
> theoretically exploitable, but in practice will never be exploited. I
> wouldn't take things people s
Hello,
Long time lurker here.
There are probably tens of thousands of CVEs in the NVD that are
theoretically exploitable, but in practice will never be exploited. I
wouldn't take things people say on twitter too seriously when it comes to
determining CVE-worthiness.
I mainly think of the CVE
Darn it - forgot to include the very small set of changes I had to make to
pom.xml to get it to build. That's here:
https://github.com/mergebase/log4j/commit/22548a879d786c486d4d37e8ea587a1396a43800
On Wed, Dec 15, 2021 at 2:56 PM Julius Davies
wrote:
> Hi Logging Team!
>
> Long ti
this helpful.
And thanks for all your work and especially all the Log4J releases lately.
yours,
Julius Musseau
(aka Julius Davies - I committed a few things back in 2007 to
commons-codec, but have been a bit distracted since those days!)
On Wed, Dec 15, 2021 at 1:08 PM Matt Sicker wrote:
>
> I
