[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Arne Vajhøj
arne at vajhoej.dk
Thu Jan 6 20:16:08 EST 2022
On 1/6/2022 8:02 PM, John Reagan wrote:
> The trouble is that log4j is at such a low level, it is buried in packages that are
> buried in other packages that are buried in even more packages. It might take a
> while for all of that to be squeezed out.
Yep.
A large portion of impacted users do not know that they are using log4j.
Heck - some of them may not even know they are using Java.
Arne
More information about the Info-vax
mailing list