ESET states that they're not vulnerable, but we have various companies that Have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.

[2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]

[2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]

Workaround: https://support.eset.com/en/kb8190-vulnerability-log4j2-in-the-reporting-engine-elasticsearch-of-eset-secure-authentication?ref=esf

thanks @nvaert1986, can you please submit a PR? Thanks!

thanks @nvaert1986, can you please submit a PR? Thanks!

I can't as the

thanks @nvaert1986, can you please submit a PR? Thanks!

I can't as the new pull request button is greyed out and only see the base: main and branch: main

Can you try the steps listed here? https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository I am happy to help you succeed.

Can you try the steps listed here? https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository I am happy to help you succeed.

The pull request is made.

Thanks; what's the PR number? I'd like to close both at the same time :)