dave2wave commented on a change in pull request #13446: URL: https://github.com/apache/pulsar/pull/13446#discussion_r773638618
########## File path: site2/website/blog/2021-12-11-Log4j-CVE.md ##########
@@ -8,9 +8,10 @@ allow remote execution for attackers. The vulnerability issue is described and tracked under [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228). -Current releases of Apache Pulsar are bundling Log4j2 versions that are -affected by this vulnerability. We strongly recommend to follow the advisory of the -Apache Log4j community and patch your systems as soon as possible. +Current releases of Apache Pulsar are bundling Log4j2 versions that are affected by this vulnerability. +Default configuration, combined with JVM version and other factors, can render it exploitable. +We strongly recommend to follow the advisory of the Apache Log4j community and patch your systems
Review comment: To be precise, Log4j is a product of Apache Logging.
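Review bot: In the added sentence "Default configuration, combined with JVM version and other factors, can render it exploitable", the pronoun "it" could refer to Pulsar or to Log4j2, and "other factors" gives operators nothing concrete to check. Name Apache Pulsar as the subject and either list the conditions or point to the advisory that lists them. In the next added line, "recommend to follow" would read better as "recommend following".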
