merlimat commented on PR #16884: URL: https://github.com/apache/pulsar/pull/16884#issuecomment-1200362466
> Release notes https://logging.apache.org/log4j/2.x/changes-report.html I think we should be a bit more specific here on which particular issue. >@liudezhi2098 if you think that there is a high security risk then please do not send a PR but reach out to [[email protected]](mailto:[email protected]) to discuss the problem. Disclosing a security issue on GH means to disclose it to the public and put pressure on the whole community If there's already a security issue in Log4j it means the issue is already public. There's no need for secrecy at this point. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
