You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2021/12/21 06:50:00 UTC

[jira] [Closed] (LOG4J2-3242) Limit JNDI to the java protocol only

     [ https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ralph Goers closed LOG4J2-3242.
-------------------------------

> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.17.0, 2.12.3, 2.3.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)