garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990504842
As documented here: https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/JMSAppender.html Gary On Thu, Dec 9, 2021, 20:30 Gary Gregory ***@***.***> wrote: > We need to look at the log4j 1 JMS Appender which I thought had at least > programmatic support for JNDI. > > Gary > > On Thu, Dec 9, 2021, 20:26 Remko Popma ***@***.***> wrote: > >> Hi @rgoers <https://github.com/rgoers>, is log4j 1.x vulnerable? >> >> Hi @yuezk <https://github.com/yuezk>, as far as I can tell, log4j 1.x >> does not support lookups. I also could not find any other reference to JNDI >> in the log4j 1.x source code >> <http://svn.apache.org/viewvc/logging/log4j/trunk/>. So, no guarantees >> but it looks like 1.x is not impacted by this vulnerability. >> >> — >> You are receiving this because you were mentioned. >> Reply to this email directly, view it on GitHub >> <https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126>, >> or unsubscribe >> <https://github.com/notifications/unsubscribe-auth/AAJB6NYD7R35WOHFKBO3ILLUQFJLHANCNFSM5JA3ZEGA> >> . >> Triage notifications on the go with GitHub Mobile for iOS >> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> >> or Android >> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. >> >> > -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
