ceki commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-992730958
Regarding JMSAppender vulnerability, it has to be placed in the log4j 1.x and given a corrupt parameter in log4j.xml configuration file. If the log4j.xml configuration file is write protected for all users including its owner, it would be quite difficult to override it with corrupt instructions. For more details, please read http://slf4j.org/log4shell.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
