[Opensim-dev] Check if we are impacted by latest Zero-day exploiting Apache Log4j logging library
Ai Austin
ai.ai.austin at gmail.com
Tue Dec 14 10:10:55 UTC 2021
Fred Beckhusen gave me some useful background on this... we use
Log4Net 2.0.8.0 in OpenSim 0.9.2.0 release and 0.9.21. Dev master,
and Fred says that before Log4Net 2.0.10 it has the same bug as Log4J
according to CVE-2018-1285...
https://github.com/advisories/GHSA-2cwj-8chv-9pp9
Fred also added that he did hear something about OpenSim not allowing
arbitrary anything to be injected into Log4Net. Maybe those in the
know could take a look at that.