[Opensim-dev] Log4J (Ferd Frederix/Fred Beckhusen)

Fred Beckhusen fred at mitsi.com
Wed Dec 15 18:00:33 UTC 2021


GitHub's Dependabot says very publicly that our Log4Net.dll has an XXE
vulnerability. That's the issue.

We don't load Robust.exe.config or Opensim.exe.config with user-supplied
data, so AFAIK, we don't have an exploitable security issue. But that
may not matter. IT professionals will be much more sensitive to XXE
after their Log4J remediation efforts.

We all know that the major sponsors of Opensim are Universities. Their 
IT departments are under attack.

~ Fred



