On Sat, Dec 11, 2021 at 5:11 PM Sebastian Hennebrüder <use...@laliluna.de> wrote:
> Hi all, > > I reproduced the attack against Tomcat 9.0.56 with latest Java 8 and Java > 11. Actually the Java path version is not relevant. > > It is possible with a deployed Tomcat 9 and Spring Boot with Tomcat > embedded. > Does this affect pre-2.x log4j's? (I am using tomcat 9.0.35 with log4j 1.2.17) -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org