[
https://issues.apache.org/jira/browse/LOG4J2-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17465141#comment-17465141
]
ASF subversion and git services commented on LOG4J2-3242:
---------------------------------------------------------
Commit 14e307ac825f9c169f8c14203c680564d1943ac2 in logging-log4j2's branch
refs/heads/master from Ralph Goers
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=14e307a ]
LOG4J2-3242 - Move JNDI to its own module. Require a system property to enable
JNDI features. Limit JNDI to the java protocol
> Limit JNDI to the java protocol only
> ------------------------------------
>
> Key: LOG4J2-3242
> URL: https://issues.apache.org/jira/browse/LOG4J2-3242
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.16.0
> Reporter: Ralph Goers
> Priority: Major
> Fix For: 2.17.0, 2.12.3, 2.3.1
>
>
> The use of JNDI to access anything besides the java protocol has proven to be
> insecure. Use of anything but that must be disabled. JNDI needs to remain
> disabled by default.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
