Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3208

Disable JNDI by default

    XMLWordPrintableJSON

Details

    • Story
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.15.0
    • 2.16.0
    • Core
    • None

    Description

      Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it. Those who are will need to specify -Dlog4j2.enableJndi=true or the environment variable form of it to use any JNDI components.

      Attachments

        Activity

          People

            Unassigned Unassigned
            rgoers Ralph Goers
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: