Blender is not affected by this vulnerability #20
Comments
|
fake news! |
本来就是tm个信息收集的东西,信息不对,干掉就好了,而且承认错误,但是你怨气这么大干啥???注意素质 |
|
Liar |
|
it come from twitter,and i didnot verify it,sorry about the fake info. I’ll test before pr next time. qwq |
|
英文里唯唯诺诺,中文里重拳出击是吧。 怼的就是你这种人,提交的数据不检查,还"承认错误",道歉都在23分钟后才发出来,你咋这么要脸呢。 |
确实是我的错,但是不做就不会犯错,谁没犯过错误呢,都是为了开源项目,目的初衷是好的,希望理解。我也做了很多开源,绝不是恶意提交者!再次抱歉! |
之前以为是恶意提交,语气有点冲,还请见谅。能把数据修正过来自然是最好的结果。 |
|
Yeah, there are a lot of "rich text" -type input fields in a lot of apps out there, which parse and try to resolve URLs (why Blender would be doing this in an object name is beyond me, but it may be just a common data input library feature they use for all or most input fields), so just a DNS lookup hit check isn't sufficient to determine vulnerability. Blender has no Java in it, and thus cannot use log4j2, and is not vulnerable to this CVE. |
|
I missed that there was already a ticket for this and created a duplicate in #42 by accident. The origin of that screenshot is a tweet that was posted as a joke. Blender is not affected by the CVE. |
@cckuailong 别tm瞎提交
The text was updated successfully, but these errors were encountered: