Re: Log4Shell and Log::Log4perl


Clear questions and runnable code get the best and fastest answer
	PerlMonks

by Corion (Patriarch)

on Dec 24, 2021 at 10:58 UTC ( #11139870=note: print w/replies, xml )

Need Help??

I don't know what you're getting at exactly, but I'm going to make some guesses:

Log::Log4perl works without Java installed, so if it has vulnerabilities, these are not caused by any Java dependency.

The main vulnerability in Log4j is the (v2) loading of code via JNDI. Log::Log4perl does implement the version 1 API of Log4j.

If you don't understand the source code, you will have to trust somebody who says that there is no vulnerability.

Comment on Re: Log4Shell and Log::Log4perl

Replies are listed 'Best First'.
Re^2: Log4Shell and Log::Log4perl by bliako (Monsignor) on Dec 24, 2021 at 11:06 UTC
I don't know what you're getting at exactly... I wanted an explanation as to why it is not vulnerable. What you said is a fine explanation: i.e., 1) it implements v1 API of Log4j (and not v2) and 2) it is pure Perl and does not call Log4j's java jars. Fine, thanks.	[reply]

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://11139870]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others cooling their heels in the Monastery: (3)

As of 2022-06-27 05:52 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

Notices^?