Closed DrZ7 closed 2 years ago
CVE-2017-5645 looks very much like a duplicate of https://cve.report/CVE-2019-17571, which was already fixed in reload4j 1.2.18.0.
Where is the source code for 1.2.17.redhat-3 if I may ask?
I see. We only have the sources jar: https://maven.repository.redhat.com/ga/log4j/log4j/1.2.17.redhat-3/ We just want to be sure to not miss fixes going from 1.2.17.redhat-3 to reload4j.
Both issues are not exactly the same, but the remediation seems to be the same.
Any plans to fix older issues? (Why did we not fork from 1.2.17.redhat-3?)