[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228

[Bill Gunshannon]

On 12/13/21 8:51 PM, Arne Vajhøj wrote:
> 

...

> The version of Java does not impact a bug in log4j more than
> the version of C compiler impact a buffer overrun in a C library.

We keep hearing this mantra over and over.  If it really is
such a problem why has no one ever bothered to write a new
library keeping the original APIs while internally removing
the overrun problem?  Oh wait, someone did. Back in the early
80's.  On the PDP-11.  For all the DEC OSes and Ultrix-11
and Version 7 Unix.  And there was even a version for the VAX.
How did that work out?

bill