Baoqi commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990861408
> @Baoqi so this CVE impact log4j v 1.xx only if app is using JMSAddapter in
log4j configuration(log4j.properties) or not?
@sysmat I don't have answer for this, as I'
Baoqi commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990674220
@remkop , thanks for your reply. Just want to make it more clear, because
many people reach this issue mainly for the "JNDI lookup" CVE, so, for log4j
1.x, although it conta