To clarify about the mitigations: the "-Dlog4j2.formatMsgNoLookups=true"
mitigation that has been floating around the Internet is *not effective*
for log4j 2.8.2, which was used by Druid 0.22.0 and other recent versions.
If you are going to stay on an older version of Druid, do not use this
mitigat

I just sent an email about the 0.22.1 release and this advisory to
Royce, who seems to be a maintainer of this page:
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/.
On Mon, Dec 13, 2021 at 12:20 PM Gian Merlino wrote:
>
> To clarify about the mitigations: the "-Dlog4j2.f