Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
See https://logging.apache.org/log4j/2.x/:
News
Log4j 2.15.1 has been released solely to disable access to JNDI by default. The CVE noted below was fixed in the 2.15.0 release. 2.15.1 is NOT a required upgrade but users may choose to use it to have confidence that JNDI will not be abused.
Description
There is language in the documentation that refers to "2.15.1" which became "2.16.0".
This could cause confusion.