[Opensim-dev] Log4J (Ferd Frederix/Fred Beckhusen)
Fred Beckhusen
fred at mitsi.com
Wed Dec 15 18:00:33 UTC 2021
GitHub's Dependabot says very publicly that our Log4Net.dll has an XXE
vulnerability. That's the issue.
We don't load Robust.exe.config or Opensim.exe.config with user supplied
data, so AFAIK, we don't have an exploitable security issue. But that
may not matter. IT professionals will be much more sensitive to XXE
after their Log4J remediation efforts.
We all know that the major sponsors of Opensim are Universities. Their
IT departments are under attack.
~ Fred