[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

ASF subversion and git services (Jira) Sun, 19 Dec 2021 18:35:04 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462359#comment-17462359
 ]


ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------

Commit b2a0e47fe4151935c4ea2005b6f3818799e76f38 in logging-log4j2's branch 
refs/heads/log4j-2.12 from Remko Popma
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=b2a0e47 ]

[DOC] Update log4j-2.12 Changes page to include LOG4J2-3242 renamed 
enableJndiXxx properties


> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.17.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be 
> insecure. Use of anything but that must be disabled. JNDI needs to remain 
> disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

Reply via email to