Python 日志模块 & 间接 log4j 漏洞暴露?
[英]Python logging module & indirect log4j vulnerability exposure?
问题描述
Since the python logging package is based on PEP 282 and influenced by Apache's log4j system, does this package is impacted by the recent log4j vulnerabilities? 
Since the python logging package is based on PEP 282 and influenced by Apache's log4j system, does this package is impacted by the recent log4j vulnerabilities?
My knowledge of this particular module is limited so I'm hoping somebody here is a bit more familiar.我对这个特定模块的了解有限,所以我希望这里有人更熟悉一些。
1 个解决方案
解决方案1
0 已采纳 2022-01-18 13:36:28
It's not affected (disclosure: I'm the maintainer of Python logging), because Python logging is not a direct port of log4j , just influenced by it (in part).它不受影响(披露:我是 Python 日志记录的维护者),因为 Python 日志记录不是log4j的直接端口(仅受其影响)。 There are no equivalents in Python logging to the JNDI functionality built into log4j , that led to the vulnerabilities in it. Python 中没有等效的日志记录到log4j中内置的 JNDI 功能,这导致了其中的漏洞。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.