[slf4j-user] Slf4j shields from Log4shell via log4j2.formatMsgNoLookups=true
David Smiley
dsmiley at apache.org
Wed Dec 22 22:24:13 CET 2021
Hello Slf4j community,
I'd like to share a happy discovery about the well-known "Log4shell"
vulnerability on Log4j2. Apps that use Slf4j with Log4j2 backing (and
which don't otherwise call Log4j2 directly) can be mitigated
by log4j2.formatMsgNoLookups=true
https://lists.apache.org/thread/kgh63sncrsm2bls884pg87mnt8vqztmz
As I write this (with Ralph having yet to respond to my follow-up), it's
not really some final determination but it's highly encouraging.
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qos.ch/pipermail/slf4j-user/attachments/20211222/d5c733aa/attachment.html>
More information about the slf4j-user
mailing list