On 13.12.21 14:53, Lukas Tribus wrote:
On Mon, 13 Dec 2021 at 14:43, Aleksandar Lazic <[email protected]> wrote:
Well I go the other way around.
The application must know what data are allowed, verify the input and if the
input is not valid discard it.´
You clearly did not understand my point so let me try to phrase it differently:
The log4j vulnerability is about "allowed data" triggering a software
vulnerability which was impossible to predict.
ah okay, then please accept my apologize for misunderstanding you.
Lukas
Regards
Alex
