Dear team
Hi.
According to Log4j vulnerability as I know one of the solution was
remove JndiLookup.class file from log4j-core-*.jar file .
But now we see other vulnerability :
upgrade to 2.17 or
Otherwise, in the configuration, remove references to Context Lookups
like ${ctx:loginId} or $${ctx:loginId} where they originate from
sources external to the application such as HTTP headers or user input.
1- Is that your mean remove class file (JndiLookup.class) cannot help us ?
2- Would you please say how we can do this on Linux systems ?
in the configuration, remove references to Context Lookups like
${ctx:loginId} or $${ctx:loginId} where they originate from sources
external to the application such as HTTP headers or user input.
Best regards.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-user-h...@logging.apache.org
