Hello Slf4j community, I'd like to share a happy discovery about the well-known "Log4shell" vulnerability on Log4j2. Apps that use Slf4j with Log4j2 backing (and which don't otherwise call Log4j2 directly) can be mitigated by log4j2.formatMsgNoLookups=true
https://lists.apache.org/thread/kgh63sncrsm2bls884pg87mnt8vqztmz As I write this (with Ralph having yet to respond to my follow-up), it's not really some final determination but it's highly encouraging. ~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley
_______________________________________________ slf4j-user mailing list slf4j-user@qos.ch http://mailman.qos.ch/mailman/listinfo/slf4j-user