fluffynuts commented on pull request #61: URL: https://github.com/apache/logging-log4net/pull/61#issuecomment-662846390
Hi @SymbioticKilla Apologies for the delayed response -- I dropped the ball with a bunch of GH notifications recently 😞 As far as I'm aware, this PR does not include any work against that CVE. I can have a look at it when I get some time. The original PR I made was to update build so that log4net could be built practically anywhere (well, anywhere with all of the arcane .net framework requirements, which means AppVeyor is doing a good job!) so that the project wouldn't be abandoned. When I picked up that task, there was already outstanding work and a version bump to 2.0.9, so that's the reason there's a version bump there -- it's basically the contributions that have been included since 2.0.8. I'd prefer to open a new PR to look into the item listed above. For a while now, I've been trying to keep the ball rolling on this project -- I've put in quite a bit of time on build and I'd really like to know that that time isn't going to /dev/null. If the above is a show-stopper, I can look at it now, but that's the current state in the wild too, so 2.0.9 can't be worse? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
