jvz commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-993182759
Yes, removing the JMSAppender class would mitigate one of the main issues there. I'd recommend removing SocketServer while you're at it as that's affected by an older CVE. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
