The project page says: As of April 1, 2020 Log4Net is a dormant project of Apache Logging Services. The dormant status means the project has been classified as inactive since it has had no recent development activity and there are no active volunteers to perform code reviews, commit code, or perform releases.
The CVE applies to version 2.0.8 and below and since 2.0.8 is the latest version I think you are going to be out of luck. On Mon, 25 May 2020 at 17:29, Suthish Nair <[email protected]> wrote: > Hi, > > Good Day! > > Is there any mitigation or vulnerability fix available for .NET Core > frameworks? > > Please let me know. > > Regards > Suthish > -- Regards, Andrew Marlow http://www.andrewpetermarlow.co.uk
