[
https://issues.apache.org/jira/browse/NETBEANS-6441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488300#comment-17488300
]
Neil C Smith commented on NETBEANS-6441:
----------------------------------------
https://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans
> Upgrade log4j to latest version
> -------------------------------
>
> Key: NETBEANS-6441
> URL: https://issues.apache.org/jira/browse/NETBEANS-6441
> Project: NetBeans
> Issue Type: Improvement
> Affects Versions: 12.1
> Reporter: Ashley Dingman
> Priority: Major
>
> # Which versions of your products utilize Log4j 1.x?
> # Do they utilize the JMSAppender or SocketServer classes?
> # Do you have any mitigation options available for addressing both
> CVE-2019-17571 and CVE-2021-4104?
> ## Would it impact the product if we deleted both the net/JMSAppender.class
> and net/SocketServer.class from the Log4j 1.x JAR itself?
> ## If they are not used can they be removed (required to be approved
> not-vulnerable)?
> # Can you provide a roadmap of when you plan to move Log4j version 2.15 or
> higher (or remove log4j)?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
