dandri/i2p.i2p
1
0
Fork 0
mirror of https://github.com/i2p/i2p.i2p.git synced 2026-06-04 10:51:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,413 Commits 1 Branch 306 Tags
a0f92b2e286ae94de3a1257adf4fba21db892f80
Commit Graph

2 Commits

Author SHA1 Message Date
idk c4cfe420a6 disable any chance of JNDI lookups in log4j.properties file by setting %m{nolookups}. I don't think we're actually vulnerable to CVE-2021-44228 if I'm understanding correctly, by default it doesn't seem like we actually use log4j for much of anything and we don't do much logging of arbitrarily crafted remote inputs, but also it seems like this JNDI lookups thing is way more trouble than it could possibly be worth to us. Maybe it's a good idea to make sure it's turned off by default. 2021-12-10 21:01:37 -05:00
zzz 4d1736eaf6 jetty logging tweaks 2011-12-30 21:58:16 +00:00