[
https://issues.apache.org/jira/browse/LOG4J2-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459366#comment-17459366
]
t boll commented on LOG4J2-313:
-------------------------------
Actually there is some evidence that this vulnerability can be exploited in all
versions. I have not tried this personally but the screenshots here seem quite
viable. [https://twitter.com/marcioalm/status/1470361495405875200?s=21]
> JNDI Lookup plugin support
> --------------------------
>
> Key: LOG4J2-313
> URL: https://issues.apache.org/jira/browse/LOG4J2-313
> Project: Log4j 2
> Issue Type: New Feature
> Reporter: Woonsan Ko
> Priority: Major
> Fix For: 2.0-beta9
>
> Attachments: jndi-lookup-plugin.patch
>
>
> Currently, Lookup plugins [1] don't support JNDI resources.
> It would be really convenient to support JNDI resource lookup in the
> configuration.
> One use case with JNDI lookup plugin is as follows:
> I'd like to use RoutingAppender [2] to put all the logs from the same web
> application context in a log file (a log file per web application context).
> And, I want to use JNDI resources look up to determine the target route
> (similarly to JNDI context selector of logback [3]).
> Determining the target route by JNDI lookup can be advantageous because we
> don't have to add any code to set properties for the thread context and JNDI
> lookup should always work even in a separate thread without copying thread
> context variables.
> [1] http://logging.apache.org/log4j/2.x/manual/lookups.html
> [2] http://logging.apache.org/log4j/2.x/manual/appenders.html#RoutingAppender
> [3] http://logback.qos.ch/manual/contextSelector.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
