You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by ma...@apache.org on 2021/12/18 23:50:17 UTC

[logging-log4j-site] branch asf-staging updated: Update credits

This is an automated email from the ASF dual-hosted git repository.

mattsicker pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new 06bc40d  Update credits
06bc40d is described below

commit 06bc40d30475fa6c205a400ed84e2bbab1b20086
Author: Matt Sicker <bo...@gmail.com>
AuthorDate: Sat Dec 18 17:49:08 2021 -0600

    Update credits
---
 log4j-2.17.0/security.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/log4j-2.17.0/security.html b/log4j-2.17.0/security.html
index 3c4e3b2..3de8d8b 100644
--- a/log4j-2.17.0/security.html
+++ b/log4j-2.17.0/security.html
@@ -208,7 +208,7 @@ Apache Log4j2 does not always protect from infinite recursion in lookup evaluati
 <h3><a name="Work_in_progress"></a>Work in progress</h3>
 <p>The Log4j team will continue to actively update this page as more information becomes known.</p></section><section>
 <h3><a name="Credit"></a>Credit</h3>
-<p>This issue was discovered by Hideki Okamoto of Akamai Technologies and another anonymous vulnerability researcher.</p></section><section>
+<p>Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher.</p></section><section>
 <h3><a name="References"></a>References</h3>
 <ul>
 
@@ -273,7 +273,7 @@ Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution
 <p>The Log4j team will continue to actively update this page as more information becomes known.</p></section><section>
 <h3><a name="Credit"></a>Credit</h3>
 <p>This issue was discovered by Kai Mindermann of iC Consult and separately by 4ra1n.</p>
-<p>Additional vulnerability details discovered independently by Ash Fox of Google, Anthony Weems of Praetorian, and RyotaK</p></section><section>
+<p>Additional vulnerability details discovered independently by Ash Fox of Google, Alvaro Muñoz and Tony Torralba from GitHub, Anthony Weems of Praetorian, and RyotaK (@ryotkak).</p></section><section>
 <h3><a name="References"></a>References</h3>
 <ul>