[ https://issues.apache.org/jira/browse/NETBEANS-6441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488300#comment-17488300 ]
Neil C Smith commented on NETBEANS-6441: ---------------------------------------- https://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans > Upgrade log4j to latest version > ------------------------------- > > Key: NETBEANS-6441 > URL: https://issues.apache.org/jira/browse/NETBEANS-6441 > Project: NetBeans > Issue Type: Improvement > Affects Versions: 12.1 > Reporter: Ashley Dingman > Priority: Major > > # Which versions of your products utilize Log4j 1.x? > # Do they utilize the JMSAppender or SocketServer classes? > # Do you have any mitigation options available for addressing both > CVE-2019-17571 and CVE-2021-4104? > ## Would it impact the product if we deleted both the net/JMSAppender.class > and net/SocketServer.class from the Log4j 1.x JAR itself? > ## If they are not used can they be removed (required to be approved > not-vulnerable)? > # Can you provide a roadmap of when you plan to move Log4j version 2.15 or > higher (or remove log4j)? -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists