Hi David,
Thank you for your sharing this information.
--
Ceki Gülcü
Please contact suppport(at)qos.ch for donations, sponsorship or support
contracts related to SLF4J or logback projects.
On 22/12/2021 22:24, David Smiley wrote:
Hello Slf4j community,
I'd like to share a happy discovery about the well-known "Log4shell"
vulnerability on Log4j2. Apps that use Slf4j with Log4j2 backing (and
which don't otherwise call Log4j2 directly) can be mitigated
by log4j2.formatMsgNoLookups=true
https://lists.apache.org/thread/kgh63sncrsm2bls884pg87mnt8vqztmz
<https://lists.apache.org/thread/kgh63sncrsm2bls884pg87mnt8vqztmz>
As I write this (with Ralph having yet to respond to my follow-up), it's
not really some final determination but it's highly encouraging.
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
<http://www.linkedin.com/in/davidwsmiley>
_______________________________________________
slf4j-user mailing list
[email protected]
http://mailman.qos.ch/mailman/listinfo/slf4j-user
