[LOG4J2-3242] Limit JNDI to the java protocol only - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.16.0
Fix Version/s: 2.17.0, 2.12.3, 2.3.1
Component/s: Core
Labels:
None

Description

The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.

Attachments

Issue Links

links to

GitHub Pull Request #645

Activity

People

Assignee:: Unassigned

Reporter:: Ralph Goers

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Dec/21 07:20

Updated:: 25/Dec/21 05:21

Resolved:: 21/Dec/21 06:49