[
https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459287#comment-17459287
]
Siri commented on LOG4J2-3201:
------------------------------
Any ETA on 2.12.2 release to maven central? Also as Jeremy Li asked, any
plans to do for other versions especially 2.3 It would be tremendously helpful
legacy enterprise apps still running old versions of java but can't upgrade
immediately. thanks
> Limit the protocols jNDI can use and restrict LDAP.
> ---------------------------------------------------
>
> Key: LOG4J2-3201
> URL: https://issues.apache.org/jira/browse/LOG4J2-3201
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Reporter: Ralph Goers
> Priority: Major
> Fix For: 2.15.0
>
>
> LDAP needs to be limited in the servers and classes it can access. JNDI
> should only support the java, ldap, and ldaps protocols by default.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
