[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Bill Gunshannon
bill.gunshannon at gmail.com
Tue Dec 14 18:49:00 EST 2021
On 12/14/21 3:12 PM, Simon Clubley wrote:
> On 2021-12-14, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>
>> The best obviously is to upgrade log4j.
>>
>> Nobody needs that feature causing the vulnerability (obviously
>> except whoever introduced it).
>>
>
> I wonder how that feature got past a design review ?
>
People do design reviews?
> I wonder if there were too many layers involved for someone to be
> able to connect the dots ?
bill
More information about the Info-vax
mailing list