[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

ASF subversion and git services (Jira) Wed, 15 Dec 2021 23:26:06 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460449#comment-17460449
 ]


ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------

Commit 95b24f77e77e4f1e5cc794df5332643e944fd6f8 in logging-log4j2's branch 
refs/heads/release-2.x from Ralph Goers
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=95b24f7 ]

LOG4J2-3242 - Limit JNDI to only the java protocol.


> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.16.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be 
> insecure. Use of anything but that must be disabled. JNDI needs to remain 
> disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

Reply via email to