[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

ASF subversion and git services (Jira) Fri, 17 Dec 2021 12:49:03 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461664#comment-17461664
 ]


ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------

Commit 4a4b7530b1848e630a65d79e9c7dc388a5a7785b in logging-log4j2's branch 
refs/heads/release-2.x from Gary Gregory
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=4a4b753 ]

[LOG4J2-3242] Rename JNDI enablement property from 'log4j2.enableJndi'
to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and
'log4j2.enableJndiContextSelector'.


> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.16.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be 
> insecure. Use of anything but that must be disabled. JNDI needs to remain 
> disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

Reply via email to