You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/12/16 07:26:00 UTC

[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

    [ https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460449#comment-17460449 ] 

ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------

Commit 95b24f77e77e4f1e5cc794df5332643e944fd6f8 in logging-log4j2's branch refs/heads/release-2.x from Ralph Goers
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=95b24f7 ]

LOG4J2-3242 - Limit JNDI to only the java protocol.


> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.16.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)