Hi all,
Quoting from the CVE details:
"to remotely execute arbitrary code when combined with a deserialization
gadget when listening to untrusted network traffic for log data"
Apache NetBeans does not "listen to untrusted network traffic for log
data", so it's not vulnerable.
Kind regards,
Antonio
El 4/1/22 a las 16:24, Humphrey Clerx escribió:
And there is a security vulnerability present in log4j 1.x,
CVE-2019-17571 <https://www.cvedetails.com/cve/CVE-2019-17571/> that
might need addressing in NetBeans. This is stated on the following page:
- https://logging.apache.org/log4j/1.2/
<https://logging.apache.org/log4j/1.2/>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org
For additional commands, e-mail: users-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists