[Opensim-dev] Log4J (Ferd Frederix/Fred Beckhusen)
Dahlia Trimble
dahliatrimble at gmail.com
Wed Dec 15 23:15:52 UTC 2021
> Github's Dependabot says very publicly that our Log4Net.dll has an XXE
> vulnerability.
This is eluding my google-fu and I can't find anything about it. Have a
link?
-D
On Wed, Dec 15, 2021 at 10:00 AM Fred Beckhusen <fred at mitsi.com> wrote:
> Github's Dependabot says very publicly that our Log4Net.dll has an XXE
> vulnerability. That's the issue.
>
> We don't load Robust.exe.config or Opensim.exe.config with user supplied
> data, so AFAIK, we don't have an exploitable security issue. But that
> may not matter. IT professionals will be much more sensitive to XXE
> after their Log4J remediation efforts.
>
> We all know that the major sponsors of Opensim are Universities. Their
> IT departments are under attack.
>
> ~ Fred