Hacker News new | past | comments | ask | show | jobs | submit login

> After reading about this Log4j thing I realize it's not a bug.

It's an exploit and shouldn't be a "feature" at first place.




It does matter, because it helps to think about how to prevent these things in the future.


Again, the point is, whether it is a bug or not is irrelevant. It's an exploit and should be patched. If it was deemed a "feature" then it needs to be removed. There is nothing hard to understand here.


I was referring to the "it doesn't matter" part of your comment, which you have now removed? Of course you're right that it doesn't matter what the underlying reason was and how it needs to be dealt with NOW.


Since you focused on the wrong part of my comment I edited it yes. My previous answer makes it clear what I was talking about.


The patch seems to be disabling the feature by default. Not a great fix.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: