Hi Markus, > I think that was a mistake. We definitely should fix apache-log4j1.2 in > all distributions because a lot of packages depend on it. However the > vulnerability surfaces only when you use the (optional) option to log to > a remote server.
Sure thing and I agree with you. Please go ahead. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
