Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536602
I provide a patch library to solve this vulnerability (disable JNDI lookup): [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) It provides an empty `JndiLookup`, and you can disable JNDI lookup by simply attaching it to the front of the classpath. I've publish it to the Maven repository (It's [JitPack](https://jitpack.io) for the time being, and it's preparing to release it to Maven Central), perhaps adding it as the first dependency will solve the problem (To be tested). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
