This website requires JavaScript.
Explore
Help
Sign In
zzz
/
i2p.i2p
Watch
1
Star
0
Fork
0
You've already forked i2p.i2p
forked from
I2P_Developers/i2p.i2p
Code
Issues
Pull Requests
Packages
Projects
Releases
Wiki
Activity
Files
3dcc954341bd3d4528dc01ff552baec1ee794f44
i2p.i2p
/
apps
/
jetty
History
idk
c4cfe420a6
disable any chance of JNDI lookups in log4j.properties file by setting %m{nolookups}. I don't think we're actually vulnerable to CVE-2021-44228 if I'm understanding correctly, by default it doesn't seem like we actually use log4j for much of anything and we don't do much logging of arbitrarily crafted remote inputs, but also it seems like this JNDI lookups thing is way more trouble than it could possibly be worth to us. Maybe it's a good idea to make sure it's turned off by default.
2021-12-10 21:01:37 -05:00
..
.externalToolBuilders
…
apache-tomcat-9.0.54
Tomcat 9.0.54
2021-10-11 10:46:26 -04:00
java/src/net
/i2p
…
jetty-distribution-9.3.30.v20211001
Jetty 9.3.30.v20211001
2021-10-10 12:09:12 -04:00
patches/jetty-util/src/main/java/org/eclipse/jetty
/util
Jetty 9.3.30.v20211001
2021-10-10 12:09:12 -04:00
resources
disable any chance of JNDI lookups in log4j.properties file by setting %m{nolookups}. I don't think we're actually vulnerable to CVE-2021-44228 if I'm understanding correctly, by default it doesn't seem like we actually use log4j for much of anything and we don't do much logging of arbitrarily crafted remote inputs, but also it seems like this JNDI lookups thing is way more trouble than it could possibly be worth to us. Maybe it's a good idea to make sure it's turned off by default.
2021-12-10 21:01:37 -05:00
build.gradle
…
build.xml
Jetty 9.3.30.v20211001
2021-10-10 12:09:12 -04:00
README-i2p.txt
…
