[jira] [Created] (LOG4J2-3207) Move JNDI / network lookups out of the core module

["Ches Martin (Jira)" <ji...@apache.org>]

Ches Martin created LOG4J2-3207:
-----------------------------------

             Summary: Move JNDI / network lookups out of the core module
                 Key: LOG4J2-3207
                 URL: https://issues.apache.org/jira/browse/LOG4J2-3207
             Project: Log4j 2
          Issue Type: Wish
          Components: Core
            Reporter: Ches Martin


I don't wish to dogpile on maintainers during a difficult time (the vulnerability of LOG4J2-3201 / LOG4J2-3198), however:

The surface of what can go wrong with this functionality is vast. A primary motivation for it originally in LOG4J2-313 was context selection, and anecdotally at least, web application containers are a diminishing deployment model in industry.

In my operation of first- and third-party systems, I do not want this functionality to be used, or at least for any use to draw a high degree of scrutiny.

Thus I'd like to propose that JNDI lookups require a dedicated dependency such as {{log4j-jndi}} without which {{${jndi:}}} lookups should not function.

While a crucial part of the issue was a sanitization one (LOG4J2-3198) which could have dangers with nearly any lookup plugin, lookups involving any form of network access are of particular concern. Docker and Kubernetes lookups may thus belong in the scope of this request also.

It would be an improvement to me if only the {{java}} JNDI protocol was supported in Core, but much easier to audit if {{${jndi:}}} is altogether unsupported.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)