[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Dec 14 15:12:41 EST 2021
On 2021-12-14, Arne Vajhøj <arne at vajhoej.dk> wrote:
>
> The best obviously is to upgrade log4j.
>
> Nobody needs that feature causing the vulnerability (obviously
> except whoever introduced it).
>
I wonder how that feature got past a design review ?
I wonder if there were too many layers involved for someone to be
able to connect the dots ?
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list