Any ports use log4j 2?
perry at macports.org
Sat Dec 11 19:27:20 UTC 2021
On Sat, Dec 11, 2021, at 10:34 AM, Ryan Schmidt wrote:
> On Dec 11, 2021, at 11:24, Richard L. Hamilton wrote:
>> CVE-2021-44228 sounds kinda scary!
> We appear to have a jakarta-log4j port but it is version 1.x, not 2.
Log4j 1.x isn't affected by that CVE , though there is a vulnerability that depends on configuration, not user input .
More information about the macports-users