You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2021/12/16 07:21:00 UTC
[jira] [Created] (LOG4J2-3242) Limit JNDI to the java protocol only
Ralph Goers created LOG4J2-3242:
-----------------------------------
Summary: Limit JNDI to the java protocol only
Key: LOG4J2-3242
URL: https://issues.apache.org/jira/browse/LOG4J2-3242
Project: Log4j 2
Issue Type: Bug
Components: Core
Affects Versions: 2.16.0
Reporter: Ralph Goers
Fix For: 2.16.1
The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)