> Github's Dependabot says very publicly that our Log4Net.dll has an XXE vulnerability.
This is eluding my google-fu and I can't find anything about it. Have a link? -D On Wed, Dec 15, 2021 at 10:00 AM Fred Beckhusen <f...@mitsi.com> wrote: > Github's Dependabot says very publicly that our Log4Net.dll has an XXE > vulnerability. That's the issue. > > We don't load Robust.exe.config or Opensim.exe.config with user supplied > data, so AFAIK, we don't have a exploitable security issue. But that > may not matter. IT professionals will be much more sensitive to XXE > after their Log4J remediation efforts. > > We all know that the major sponsors of Opensim are Universities. Their > IT departments are under attack. > > ~ Fred > > > _______________________________________________ > Opensim-dev mailing list > Opensim-dev@opensimulator.org > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev > _______________________________________________ Opensim-dev mailing list Opensim-dev@opensimulator.org http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
