They're not talking about it in the context of log4j itself, they're talking 
about it in the context of other open source projects, that don't have 
something like the Apache foundation behind them, that are critical 
infrastructure, but have one or two maintainers working on them as a labor of 
love alongside a day job, and the potential, as such projects become legacy 
software, for them to still be half-maintained (and maybe maintain a 
significant user base) long after an institutionally maintained project would 
have officially been EOLed.

And there is something of that kind of risk with any DOS variety still in use. 
Any remote execution vulnerability, through any network-aware DOS software, is 
basically automatically a remote root vulnerability by the nature of the 
system. Now, most FreeDOS users are probably using it for retrogaming and such 
and not for anything business-critical, but anybody using it in an embedded 
setting needs to be really careful about exposing it to the network.

>I really wonder how that would affect DOS, after all there is no web 
>interface, nor any Java in (Free)DOS. So (without having watched this rather 
>long video yet), any such conclusion seems to be a bit far-fetched IMHO...


_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
