fluffynuts commented on pull request #18:
URL: https://github.com/apache/logging-log4net/pull/18#issuecomment-1035938068
@tobylo I've been looking into this as part of another issue - there's a
similar situation in the "non-log4j" variant which I had to update for the test
app I wrote to
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490694#comment-17490694
]
Ralph Goers commented on LOG4J2-3371:
-
[~ggregory] We certainly could escape all control characters.
dependabot[bot] opened a new pull request #750:
URL: https://github.com/apache/logging-log4j2/pull/750
Bumps [liquibase-core](https://github.com/liquibase/liquibase) from 3.5.5 to
3.10.3.
Release notes
Sourced from https://github.com/liquibase/liquibase/releases;>liquibase-core's
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490551#comment-17490551
]
4ra1n commented on LOG4J2-3371:
---
In fact, for this problem, there are corresponding reasons for publishing
[
https://issues.apache.org/jira/browse/LOG4J2-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning resolved LOG4J2-3310.
Fix Version/s: Scala 12.1
Resolution: Fixed
> maybe some log4j-api-scala methods should be
[
https://issues.apache.org/jira/browse/LOG4J2-3184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490509#comment-17490509
]
PJ Fanning commented on LOG4J2-3184:
[~mattsicker] [~vy] is there a timeline on when v0.12.1 will be
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490479#comment-17490479
]
Gary D. Gregory commented on LOG4J2-3371:
-
If we were to allow for stripping out control
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490449#comment-17490449
]
Ralph Goers commented on LOG4J2-3371:
-
[~mattsicker] The fix for the PatternLayout requires more
[
https://issues.apache.org/jira/browse/LOG4J2-3400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490432#comment-17490432
]
Nils Breunese commented on LOG4J2-3400:
---
The fact that the code lives in a separate repository
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490415#comment-17490415
]
Matt Sicker commented on LOG4J2-3371:
-
I doubt the PMC would approve of publishing a CVE for this.
[
https://issues.apache.org/jira/browse/LOG4J2-3400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490399#comment-17490399
]
Matt Sicker commented on LOG4J2-3400:
-
The version isn't in log4j-bom since it's in a different repo
[
https://issues.apache.org/jira/browse/LOG4J2-3400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490274#comment-17490274
]
Volkan Yazici commented on LOG4J2-3400:
---
/cc [~mattsicker]
> Document Maven coordinates for Log4j
[
https://issues.apache.org/jira/browse/LOG4J2-3391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490271#comment-17490271
]
Gary D. Gregory commented on LOG4J2-3391:
-
[~ugurlu]
Give it another go and let me know...
>
Nils Breunese created LOG4J2-3400:
-
Summary: Document Maven coordinates for Log4j Kotlin API
Key: LOG4J2-3400
URL: https://issues.apache.org/jira/browse/LOG4J2-3400
Project: Log4j 2
Issue
mneundorfer closed pull request #749:
URL: https://github.com/apache/logging-log4j2/pull/749
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail:
mneundorfer opened a new pull request #749:
URL: https://github.com/apache/logging-log4j2/pull/749
…5424
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe,
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490041#comment-17490041
]
4ra1n edited comment on LOG4J2-3371 at 2/10/22, 8:40 AM:
-
Yes, for example, if
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490041#comment-17490041
]
4ra1n commented on LOG4J2-3371:
---
Yes, for example, if other projects using log4j have log injection in
[
https://issues.apache.org/jira/browse/LOG4J2-3394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490032#comment-17490032
]
Duo Zhang commented on LOG4J2-3394:
---
OK, thank you [~rgoers]!
> The
[
https://issues.apache.org/jira/browse/LOG4J2-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490027#comment-17490027
]
Ralph Goers commented on LOG4J2-3371:
-
I personally do not consider this to be worthy of a CVE. I do
[
https://issues.apache.org/jira/browse/LOG4J2-3394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17490025#comment-17490025
]
Ralph Goers commented on LOG4J2-3394:
-
The approach I suggested still didn’t work with lookups. I
21 matches
Mail list logo