Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3242

Limit JNDI to the java protocol only

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.16.0
    • 2.17.0, 2.12.3, 2.3.1
    • Core
    • None

    Description

      The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              rgoers Ralph Goers
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: