tony-- commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993166232
> > Thank you Gary, Is there a way to make sure JMS Appender is disabled? Just to make sure that even if one of the installed Eclipse plug-ins is configured in a risky way, the vulnerability is addressed.
>
> No.

@garydgregory Please confirm that removing org/apache/log4j/net/JMSAppender.class from log4j-1.2.x.jar is an effective way to mitigate the possibility of the vulnerability being enabled? I imagine it sounds like a silly question, but I haven't seen a POC for this, so I don't know how to reproduce and then check if removing the class positively disables the POC.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
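One way to confirm that the class entry named in the comment above is really gone from every copy of a jar, including copies bundled inside other archives. This is an added example, not part of the original comment or of the log4j project; it checks only that the entry is present or absent, and the helper names, suffix list and depth limit are assumptions.

```python
import io
import zipfile

TARGET = "org/apache/log4j/net/JMSAppender.class"  # entry named in the comment
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")  # assumption: archive types to descend into
MAX_DEPTH = 5  # assumption: bound on recursion into nested archives


def find_class(data, label="archive", target=TARGET, depth=0):
    """Return locations ('app.war!/WEB-INF/lib/x.jar!/entry') where target exists."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            if name == target:
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(NESTED_SUFFIXES) and depth < MAX_DEPTH:
                # A stripped top-level jar does not help if a bundled copy remains.
                hits += find_class(zf.read(name), f"{label}!/{name}", target, depth + 1)
    return hits


def scan_file(path, target=TARGET):
    """Scan one archive on disk and return every location of target."""
    with open(path, "rb") as fh:
        return find_class(fh.read(), label=path, target=target)


def make_jar(entries):
    """Build a constructed in-memory jar from {entry name: bytes} (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        found = scan_file(p)
        print(p, "STILL PRESENT" if found else "not found", *found, sep="\n  ")
```

Run it against each archive on the classpath; any location it prints is a copy of the class that the removal did not reach.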
