Posted to notifications@logging.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2021/12/16 07:21:00 UTC

[jira] [Created] (LOG4J2-3242) Limit JNDI to the java protocol only

Ralph Goers created LOG4J2-3242:
-----------------------------------

             Summary: Limit JNDI to the java protocol only
                 Key: LOG4J2-3242
                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
             Project: Log4j 2
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.16.0
            Reporter: Ralph Goers
             Fix For: 2.16.1


The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
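
A guard of the kind the issue above asks for, as an added example that is not part of the original message and is not Log4j source code. The class name, the opt-in property name and the sample names are hypothetical or constructed; the example is deliberately strict and also rejects names with no scheme.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/** Added illustration, not Log4j code. Class and property names are hypothetical. */
public final class JavaOnlyJndiGuard {
    // Hypothetical opt-in switch: JNDI stays disabled unless explicitly enabled.
    static final String ENABLE_PROPERTY = "example.jndi.enabled";
    private static final String ALLOWED_SCHEME = "java";

    /** True only when the name parses as a URI whose scheme is exactly "java". */
    static boolean isAllowed(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        try {
            // Case-sensitive match; a missing scheme (null) is rejected as well.
            return ALLOWED_SCHEME.equals(new URI(name).getScheme());
        } catch (URISyntaxException e) {
            return false; // unparseable names are rejected, never passed through
        }
    }

    /** Performs the lookup only if JNDI was opted into and the name is java: scoped. */
    static Object lookup(String name) throws NamingException {
        if (!Boolean.getBoolean(ENABLE_PROPERTY)) {
            throw new NamingException("JNDI is disabled");
        }
        if (!isAllowed(name)) {
            // The untrusted name is kept out of the message on purpose.
            throw new NamingException("Unsupported JNDI name: only java: is permitted");
        }
        InitialContext context = new InitialContext();
        try {
            return context.lookup(name);
        } finally {
            context.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample names; only the first one passes the check.
        String[] samples = {"java:comp/env/jdbc/AppDS", "ldap://directory.example/cn=x",
            "rmi://registry.example/obj", "jdbc/AppDS", "not a uri"};
        for (String s : samples) {
            System.out.println(s + " -> " + (isAllowed(s) ? "allowed" : "rejected"));
        }
    }
}
```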