You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2021/12/14 10:34:10 UTC

[GitHub] [logging-log4j2] quericy removed a comment on pull request #608: Restrict LDAP access via JNDI

quericy removed a comment on pull request #608:
URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993403042


   > > @remkop嗨！感谢您的工作和社区通信。
   > > 您是否计划将与此漏洞的对应关系向后移植到 2.x 的旧版本？
   > 
   > 如果安全修复程序可以回移植到 2.12.x，我也将不胜感激，因为这是支持 Java 7 的最后一个版本。 我们仍然在 Elastic APM Java 代理中支持 Java 7，因此我们无法升级到 2.15.0，这需要 Java 8。我们通过排除来修复漏洞，`JndiLookup`但这仍然会导致漏洞扫描器发出警告，从而产生很多摩擦（请参阅[elastic/apm-agent-java#2332](https://github.com/elastic/apm-agent-java/pull/2332)）。
   > 
   > 您是否会考虑将安全修复程序回移植到 2.12.x 分支？有什么我们可以帮你的吗？
   
   Hi, we provide a patch-version based on 2.12.1(supportd Java7) that we hope it will be helpful to you. Release: https://github.com/quericy/logging-log4j2/releases/tag/2.12.1.sec1 . The pull request: https://github.com/apache/logging-log4j2/pull/608 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org