[logging-log4j-site] branch asf-staging updated: Fix typos

Thu, 09 Dec 2021 22:31:40 -0800 

This is an automated email from the ASF dual-hosted git repository.

rgoers pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new 1f5b4d7  Fix typos
1f5b4d7 is described below

commit 1f5b4d70522f1b2384a3b6d0420b1d0caa18f1dd
Author: Ralph Goers <[email protected]>
AuthorDate: Thu Dec 9 23:30:20 2021 -0700

    Fix typos
---
 log4j-2.15.0/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/log4j-2.15.0/index.html b/log4j-2.15.0/index.html
index ee09c06..a0f3f22 100644
--- a/log4j-2.15.0/index.html
+++ b/log4j-2.15.0/index.html
@@ -200,11 +200,11 @@
 
 <p>Log4j’s JNDI support has not restricted what names could be resolved. Some 
protocols are unsafe or can allow remote code execution. Log4j now limits the 
protocols by default to only java, ldap, and ldaps and limits the ldap 
protocols to only accessing Java primitive objects by default served on the 
local host.</p>
 
-<p>One vector that allowed exposure to this vulnerability was Log4j’s 
allowance of Lookups to appear in log messages. As of Log4j 2.15.0 this feature 
is now disabled by default. While an option has been provided to enable Lookups 
in this fashion users are strongly discouraged from enabling it.</p>
+<p>One vector that allowed exposure to this vulnerability was Log4j’s 
allowance of Lookups to appear in log messages. As of Log4j 2.15.0 this feature 
is now disabled by default. While an option has been provided to enable Lookups 
in this fashion, users are strongly discouraged from enabling it.</p>
 
 <p>Users who cannot upgrade to 2.15.0 can mitigate the exposure by:
 <ul>
-<li>>Users of Log4j 2.10 or greater may add -Dlog4j.formatMsgNoLookups=true as 
a command line option or add log4j.formatMsgNoLookups to a 
log4j2.component.properties file on the classpath to prevent lookups in log 
event messages.</li>
+<li>>Users of Log4j 2.10 or greater may add -Dlog4j.formatMsgNoLookups=true as 
a command line option or add log4j.formatMsgNoLookups=true to a 
log4j2.component.properties file on the classpath to prevent lookups in log 
event messages.</li>
 <li>>Users since Log4j 2.7 may specify %m{nolookups} in the PatternLayout 
configuration to prevent lookups in log event messages.</li>
 <li>>Remove the JndiLookup and JndiManager classes from the log4j-core jar. 
Removal of the JndiManager will cause the JndiContextSelector and JMSAppender 
to no longer function.</li>
 </ul>

Reply via email to