remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-991387493
> When there are literally millions of log4j 1.x users out there, can you stop toying around? > > There is no lookup expansion in log4j 1.x and it does not suffer from [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q). How hard is it to admit? Hi @ceki, thank you for clarifying that Log4j 1.x is not impacted by this vulnerability. I updated my previous comments by linking to [your analysis on Twitter](https://twitter.com/ceki/status/1469449618316533762), happy to link to other sources as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
