FYI, also, what makes this bad for log4j is that you can use it to make a jndi call to LDAP with a malicious payload.
log4net can't make a jndi call.. so it is not vulnerable. Even if it is unchecked, it can't go anywhere. On Tue, Dec 14, 2021 at 9:42 AM Michel Beauregard <gim...@yahoo.fr> wrote: > For further detail about the ACTUAL Zero-day log4j problem please relate > to > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 > > > > > GiMiSa > _______________________________________________ > Opensim-dev mailing list > Opensim-dev@opensimulator.org > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev > _______________________________________________ Opensim-dev mailing list Opensim-dev@opensimulator.org http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
