|
|
|
|
|
|
by hn_throwaway_99
1650 days ago
|
|
|
Note, as others have commented, the JRE change prevented the fully open-ended RCE where you could download classfiles from an external server and run them. However, the log4j bug does still allow posting of environment variables to external servers, even with the JRE changes, which could be just as catastrophic. That was my understanding anyway, someone correct me if I'm wrong. |
|
|