Can the following questions be confirmed for NetBeans?
1. Which versions of your products utilize Log4j 1.x, if any? 1. Do they utilize the JMSAppender or SocketServer classes? 1. Do you have any mitigation options available for addressing both CVE-2019-17571 and CVE-2021-4104? https://nvd.nist.gov/vuln/detail/CVE-2019-17571 https://nvd.nist.gov/vuln/detail/CVE-2021-4104 * Would it impact the product if we deleted both the net/JMSAppender.class and net/SocketServer.class from the Log4j 1.x JAR itself? 1. Can you provide a roadmap of when you plan to move Log4j version 2.15 or higher? Thanks, Ashley Dingman
