You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Siri (Jira)" <ji...@apache.org> on 2021/12/17 00:26:00 UTC

[jira] [Commented] (LOG4J2-3201) Limit the protocols JNDI can use and restrict LDAP.

    [ https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461134#comment-17461134 ] 

Siri commented on LOG4J2-3201:
------------------------------

thanks a ton for 2.12.2 fix.  Any plans to do same for 2.3 (as that is last version that is compatible for java 6)

> Limit the protocols JNDI can use and restrict LDAP.
> ---------------------------------------------------
>
>                 Key: LOG4J2-3201
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3201
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.15.0
>
>
> LDAP needs to be limited in the servers and classes it can access. JNDI should only support the java, ldap, and ldaps protocols by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)