See: https://logging.apache.org/mailing-lists.html
-- Sent from my phone. Typos are a kind gift to anyone who happens to find them. On Tue, Dec 14, 2021, 21:24 Mayank Kumar <krmay...@gmail.com> wrote: > can someone help me unsubscribe to this email group ? I have tried > manytimes , but not succeeded ? > > -Mayank > > On Tue, Dec 14, 2021 at 12:16 PM Dominik Psenner <dpsen...@gmail.com> > wrote: > > > This question has been asked several times now. I'm proposing to update > the > > website so that it is more obvious that log4net and log4xx are not > > affected. > > > > On Tue, 14 Dec 2021 at 17:48, Matt Sicker <boa...@gmail.com> wrote: > > > > > JNDI is a Java API (Java Naming and Directory Interface) for > abstracting > > > various networking APIs like LDAP, DNS, etc. It’s not present in .NET > or > > > C++ (or any non-JVM language), so it does not affect log4net or > log4cxx. > > > -- > > > Matt Sicker > > > > > > > On Dec 14, 2021, at 08:54, David Schwartz <david.schwa...@ni.com> > > wrote: > > > > > > > > Hi Joe, > > > > > > > > Adding to what Davyd wrote. I just searched the codebase and the > > > JndiLookup class (where the log4j vulnerability was found) does not > exist > > > in log4net. In fact, there is no code related to jndi at all as far > as I > > > can see. > > > > > > > > David > > > > > > > > -----Original Message----- > > > > From: Davyd McColl <dav...@gmail.com <mailto:dav...@gmail.com>> > > > > Sent: Tuesday, December 14, 2021 4:10 PM > > > > To: dev@logging.apache.org <mailto:dev@logging.apache.org> > > > > Subject: [EXTERNAL] Re: log4net > > > > > > > > Hi Joe > > > > > > > > No, it shouldn't, particularly because we're very different projects, > > on > > > very different platforms, and I understand that the log4j vuln is > largely > > > linked to a _dependency_ of log4j. The closest we've had was an xml > vuln > > > that was patched some time ago. > > > > > > > > That being said, I'm currently the only maintainer and I definitely > > have > > > written the least code in log4net, so if you or anyone else would like > to > > > audit for vulnerabilities (and, even better, PR mitigations), I'm all > for > > > it. > > > > > > > > -d > > > > > > > > > > > > On December 14, 2021 16:03:39 Joe Kelly <joe.ke...@okcu.org> wrote: > > > > > > > >> I was wondering if the log4net service has a similar vulnerability > as > > > >> log4j. There isn't any information on the log4net security page and > > > >> the current version of 2.0.13 doesn't match the log4j version of > > 2.16.0. > > > >> > > > >> Joe Kelly > > > >> Information Security Analyst > > > >> P: 405.763.5425 > > > >> F: 405.602.6337 > > > >> > > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55 > > > < > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55> > > > >> e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouaTpixMWg$ > > > >> < > > https://urldefense.com/v3/__https://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye > > > <https://urldefense.com/v3/__https://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye > > > > > >> 55e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouYBYxYhmg$ > > > > >> > > > >> joe.ke...@okcu.org <mailto:joe.ke...@okcu.org> <mailto: > > > joe.ke...@okcu.org <mailto:joe.ke...@okcu.org>> Oklahoma's Credit > Union > > > >> Happy to Help(r) > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> ________________________________ > > > >> > > > >> NOTICE: > > > >> This e-mail is intended solely for the use of the individual to whom > > > >> it is addressed and may contain information that is privileged, > > > >> confidential or otherwise exempt from disclosure. If the reader of > > > >> this e-mail is not the intended recipient or the employee or agent > > > >> responsible for delivering the message to the intended recipient, > you > > > >> are hereby notified that any dissemination, distribution, or copying > > > >> of this communication is strictly prohibited. If you have received > > > >> this communication in error, please immediately notify us by > replying > > > >> to the original message at the listed email address. > > > >> > > > >> Happy to Help > > > >> Oklahoma's Credit Union > > > >> > > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55 > > > < > https://urldefense.com/v3/__http://www.okcu.org__;!!FbZ0ZwI3Qg!6hdye55> > > > >> e93GuHBF0X4qMKophICSr0Nb5ggI6RBgb2lJoysQv8jdWynWoouaTpixMWg$ > > > > > > > > INTERNAL - NI CONFIDENTIAL > > > > > > > > > > -- > > Dominik Psenner > > > > > -- > Regards > Mayank >
