On 2021/12/21 10:48:41 Shivji Kumar Jha wrote: > Hi LinLin, > > Log4j version 2.16.0 has DDoS possibilities in some cases [1] . Can we move > to Log4j 2.17.0 in 2.8.2? > > Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not > > protect from uncontrolled recursion from self-referential lookups. This > > allows an attacker with control over Thread Context Map data to cause a > > denial of service when a crafted string is interpreted. This issue was > > fixed in Log4j 2.17.0 and 2.12.3. Already included
- [VOTE] Apache Pulsar 2.8.2 candidate 2 linlin
- Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 PengHui Li
- Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 Hiroyuki Sakai
- RE: [VOTE] Apache Pulsar 2.8.2 candidate 2 Masahiro Sakamoto
- Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 Shivji Kumar Jha
- Re: [VOTE] Apache Pulsar 2.8.2 candidat... Enrico Olivelli
- Re: [VOTE] Apache Pulsar 2.8.2 can... Enrico Olivelli
- Re: [VOTE] Apache Pulsar 2.8.2 candidat... Lin Lin
- Re: [VOTE] Apache Pulsar 2.8.2 can... Nicolò Boschi
- Re: [VOTE] Apache Pulsar 2.8.2... Enrico Olivelli
- Re: [VOTE] Apache Pulsar 2... Dave Fisher
