Milanka00 commented on issue #4036: URL: https://github.com/apache/logging-log4j2/issues/4036#issuecomment-3852502567
Hi all, I am experiencing the same issue while upgrading Apache Log4j from 2.24.3 to 2.25.3 in response to the reported vulnerability [1]. While debugging, it appears that this behavior was introduced by the newly added method `processRemainingProperties` [2]. Would it be possible to address this and release a fix? Since this was a minor version upgrade, it would ideally not introduce breaking or incompatible changes to existing log4j2.properties configurations. Thank you for looking into this. [1] [CVE-2025-68161](https://nvd.nist.gov/vuln/detail/CVE-2025-68161) [2] [processRemainingProperties](https://github.com/apache/logging-log4j2/blame/4f474b32751f4ccad67424ca585612584440cd63/log4j-core/src/main/java/org/apache/logging/log4j/core/config/properties/PropertiesConfigurationBuilder.java#L197) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
