You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@community.apache.org by "Nallapu, Shashi Kanth" <Sh...@ehi.com> on 2020/07/30 21:51:24 UTC

[Log4net] Query related to release of patch LOG4NET-575

Dear Team,
Can you please provide an update on the below query. This is about the 2.1.0 release for issue LOG4NET-575.
Currently we have a XXE vulnerability raised for log4net in our application. Our application uses log4net version 2.0.8 and Microsoft .net framework 4.5.2.
By default, .net framework will disable external entities but I think this has been overridden in log4net. I can see this issue was already been fixed on Jan 08, 2018 by log4net team and it should be available in the version 2.1.0 (which is not released yet)
Jira Link: https://issues.apache.org/jira/browse/LOG4NET-575.
We have been using this package in most of the applications. Can you please provide an update whether you have any plans to release this patch or not.
If it is not released, then can we apply patch on 2.0.8 version code base manually and rebuild the log4net library.
Thanks and Regards,
Shashikanth N.

On 2020/07/30 07:41:43, Satish Rathore <s....@gmail.com> wrote:
> Hi,>
>
> Do we have any further update on this, any plan for releasing 2.1.0>
>
> Thanks,>
> Satish>
>
> On 2020/04/04 22:24:59, Ralph Goers <ra...@dslextreme.com> wrote: >
> > I have modified the STATUS.txt and README.txt for Log4Net, tagged the source, zipped it and then published it to https://dist.apache.org/repos/dist/dev/logging/log4net/ <https://dist.apache.org/repos/dist/dev/logging/log4net/>.>

> > >
> > This is a vote to move those artifacts to the distribution release directory. >
> > >
> > This vote will remain open for 72 hours.>
> > >
> > Ralph>
>

________________________________

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may contain information that is privileged. If you are not the named recipient, or responsible for delivering the message to the named recipient, you must not disclose, distribute, forward, copy, store or use this e-mail or its attachments in any form. If you have received this communication in error, please accept our apologies and promptly inform the sender by e-mail or by telephoning the above number. Please also immediately delete this message and any attachments from your systems.

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. Although this e-mail and its attachments have been checked by an up-to-date virus-checking program before transmission, it is your responsibility as recipient to ensure they are actually virus free when received.

Enterprise Rent-A-Car UK Limited is registered in England and Wales with registered number 2946689. The company's registered office is Enterprise House, Melburne Park, Vicarage Road, Egham Surrey TW20 9FB.