You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/site/asciidoc/security.adoc
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,7 +50,7 @@ The threat model that Log4j uses considers configuration files as safe input con
50
50
== Threat Model
51
51
52
52
Log4j is a low level library where configuration inputs and the classpath are expected to be controlled by the programmer.
53
-
Configurations have the ability to execute arbitrary code through custom plugins.
53
+
Configurations have the ability to execute arbitrary code.
54
54
While specific Log4j plugins (such as a JNDI lookup) may use constraint validators or conditionals to require additional settings to opt in to functionality, this is not universally required by custom plugins.
55
55
Specific security considerations involved in our threat model are detailed below.
0 commit comments