Hi Joe

No, it shouldn't, particularly because we're very different projects, on very different platforms, and I understand that the log4j vuln is largely linked to a _dependency_ of log4j. The closest we've had was an XML vuln that was patched some time ago.

That being said, I'm currently the only maintainer and I definitely have written the least code in log4net, so if you or anyone else would like to audit for vulnerabilities (and, even better, PR mitigations), I'm all for it.

-d


On December 14, 2021 16:03:39 Joe Kelly <joe.ke...@okcu.org> wrote:

I was wondering if the log4net service has a similar vulnerability as log4j. There isn't any information on the log4net security page and the current version of 2.0.13 doesn't match the log4j version of 2.16.0.

Joe Kelly
Information Security Analyst
P: 405.763.5425
F: 405.602.6337
www.okcu.org<https://www.okcu.org>

joe.ke...@okcu.org <mailto:joe.ke...@okcu.org>
Oklahoma's Credit Union
Happy to Help®




