On Mon, 13 Dec 2021 at 14:43, Aleksandar Lazic <[email protected]> wrote: > Well I go the other way around. > > The application must know what data are allowed, verify the input and if the > input is not valid discard it.´
You clearly did not understand my point so let me try to phrase it differently: The log4j vulnerability is about "allowed data" triggering a software vulnerability which was impossible to predict. Lukas
