Posted to commits@logging.apache.org by rp...@apache.org on 2021/12/27 22:24:17 UTC

[logging-log4j2] branch release-2.x updated: [DOC] update security page to add other OS-es where RCE has been demonstrated for CVE-2021-44228

This is an automated email from the ASF dual-hosted git repository.

rpopma pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git


The following commit(s) were added to refs/heads/release-2.x by this push:
     new 6673628  [DOC] update security page to add other OS-es where RCE has been demonstrated for CVE-2021-44228
6673628 is described below

commit 667362884c1624454077c33fb6bbc46030173bbc
Author: rpopma <rp...@apache.org>
AuthorDate: Tue Dec 28 07:24:09 2021 +0900

    [DOC] update security page to add other OS-es where RCE has been demonstrated for CVE-2021-44228
---
 src/site/markdown/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index 245162e..2887ec0 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -130,7 +130,7 @@ It was found that the fix to address [CVE-2021-44228](https://cve.mitre.org/cgi-
 When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}),
 attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern,
 resulting in an information leak and remote code execution in some environments and local code execution in all environments;
-remote code execution has been demonstrated on macOS but no other tested environments.
+remote code execution has been demonstrated on MacOS, Fedora, Arch Linux, and Alpine Linux.
 
 ### Mitigation
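
Review bot: The added line spells the OS name "MacOS", while the line it replaces used "macOS"; keep the vendor spelling "macOS" so the page stays consistent. The new wording also drops the "no other tested environments" qualifier, so the sentence now reads as a closed list of four systems. Consider wording it as the environments where RCE has been demonstrated so far, so readers on an unlisted OS do not take absence from the list as a sign they are unaffected, given that the context line above already says "local code execution in all environments".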