[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

ASF subversion and git services (Jira) Mon, 20 Dec 2021 11:59:05 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462818#comment-17462818
 ]


ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------

Commit f6564bb993d547d0a371b75d869042c334bf57f0 in logging-log4j2's branch 
refs/heads/log4j-2.3.x from Ralph Goers
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=f6564bb ]

LOG4J2-3242 - Limit JNDI to the java protocol


> Limit JNDI to the java protocol only
> ------------------------------------
>
>                 Key: LOG4J2-3242
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3242
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.16.0
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.17.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be 
> insecure. Use of anything but that must be disabled. JNDI needs to remain 
> disabled by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3242) Limit JNDI to the java protocol only

Reply via email to