You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2021/12/21 14:03:56 UTC

[GitHub] [logging-log4j2] garydgregory commented on pull request #630: Log4j2 is still vulnerable and underspecified. This updates documenta…

garydgregory commented on pull request #630:
URL: https://github.com/apache/logging-log4j2/pull/630#issuecomment-998805145


   " Sometimes it is shell-code vulnerable "
   That is just FUD and actually impossible because Logger is an interface. There is no implementation or behavior here, not even where default methods return constants which are themselves typed as an interface with no-op behavior, so choose your words carefully if you want to be taken seriously. My advice would be to tone down the hyperbole and be thoughtful.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org