Hello Anchit, The only reliable source of information is our security page here https://logging.apache.org/log4j/2.x/security.html where you will answers to your questions.
We do not control what other sites say, nor would I want to review the whole internet; -) Gary On Thu, Jan 20, 2022, 09:17 anchit parmar <anchit.par...@idbiintech.com.invalid> wrote: > Dear Team, > > > > Please confim if 2.12.4 is vuln to following CVE's > > 1) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105> > CVE-2021-45105 > > 2) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046> > CVE-2021-45046 > > 3) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228> > CVE-2021-44228 > > > > Also, > > As per https://endoflife.date/log4j log4j version 2.12.x has reached > its > EOL. The Log4j team no longer supports Java 7. > > > > Please confirm if above statement is true or not. > > > > > > Warm Regards, > > Anchit Parmar > > Team Lead - Vulnerability Management & Penetration Testing Practice > > Information Security Department > > IDBI Intech Limited , IDBI Bank Building, Plot No. 39-41, Sector-11, > > CBD Belapur, Navi Mumbai - 400 614 . > > Cell- 8779522843 > > > > > Disclaimer: This e-mail contains privileged information or information > belonging to IDBI Intech Ltd and is intended solely for the addressee/s. > Access to this email by anyone else is unauthorized. Any copying (whole or > partial) or further distribution beyond the original recipient is not > intended, and may be unlawful. The recipient acknowledges that IDBI Intech > Ltd is unable to exercise control or ensure or guarantee the integrity of > the contents of the information contained in e-mail transmissions and > further acknowledges that any views expressed in this message are those of > the individual sender and are not binding on IDBI Intech Ltd. E-mails are > susceptible to alteration and their integrity cannot be guaranteed. IDBI > Intech Ltd does not accept any liability for any damages caused on account > of this e-mail. If you have received this email in error, please contact > the sender and delete the material from your computer. >
