remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-994653193
> I reported this denial of Service Vulnerability (cve-2021-45046) to the logging PMC last week. Although I didn't propose threadcontext, I explained the trigger method of the denial of service vulnerability. In terms of time, I should have proposed it earlier, but I didn't see my name in the CVE credit. I hope my name can also be added to the CVE credit. 4ra1n @EmYiQing Apologies if we missed anyone in giving proper credit to the people who helped discovering these vulnerabilities. The Apache Logging PMC have been extremely busy with confirming and fixing the vulnerability reports, releasing new versions of the software, and communicating about the vulnerabilities. When I woke up this morning I found my inbox had grown to 700+ unread messages. :-) Please don't hesitate to remind us again in a few days or a week or so when we have a bit more breathing space. Thank you for your understanding! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
