Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Log4Shell and Log::Log4perl

by Corion (Patriarch)
on Dec 24, 2021 at 10:58 UTC ( #11139870=note: print w/replies, xml ) Need Help??


in reply to Log4Shell and Log::Log4perl

I don't know what you're getting at exactly, but I'm going to make some guesses:

Log::Log4perl works without Java installed, so if it has vulnerabilities, these are not caused by any Java dependency.

The main vulnerability in Log4j is the (v2) loading of code via JNDI. Log::Log4perl does implement the version 1 API of Log4j.

If you don't understand the source code, you will have to trust somebody who says that there is no vulnerability.

Replies are listed 'Best First'.
Re^2: Log4Shell and Log::Log4perl
by bliako (Monsignor) on Dec 24, 2021 at 11:06 UTC
    I don't know what you're getting at exactly...

    I wanted an explanation as to why it is not vulnerable. What you said is a fine explanation: i.e., 1) it implements v1 API of Log4j (and not v2) and 2) it is pure Perl and does not call Log4j's java jars. Fine, thanks.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11139870]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (3)
As of 2022-06-27 05:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My most frequent journeys are powered by:









    Results (86 votes). Check out past polls.

    Notices?