You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2021/12/15 17:51:16 UTC

[GitHub] [logging-log4j2] mrdgsmith commented on pull request #608: Restrict LDAP access via JNDI

mrdgsmith commented on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-995025131


   > @remkop Thank you for your reply I sent a vulnerability report to [private@logging.apache.org](mailto:private@logging.apache.org) on December 10 and received a reply and thanks from **Ralgh Goers** five hours later. **[CVE-2021-45046](https://github.com/advisories/GHSA-7rjr-3q55-vv33)** seems to have been proposed two days ago. It seems that I am ahead. I just hope my name: 4ra1n can join credit of `CVE-2021-45046` on the page `https://logging.apache.org/log4j/2.x/security.htm` I hope you can remember to add my name after your current work. I will be very grateful
   
   @EmYiQing The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team - https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org