Details
-
Sub-task
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
Trunk
-
None
-
Bug Crush Event - 21/2/2015
Description
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints:
https://logging.apache.org/log4j/2.x/security.html
I'm not sure we are concerned, have no time to check, better safe than sorry...
Attachments
Issue Links
- is cloned by
-
OFBIZ-12470 [SECURITY] CVE-2021-45105: Apache Log4j2
- Closed