Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3242

Limit JNDI to the java protocol only

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.16.0
    • 2.17.0, 2.12.3, 2.3.1
    • Core
    • None

    Description

      The use of JNDI to access anything besides the java protocol has proven to be insecure. Use of anything but that must be disabled. JNDI needs to remain disabled by default.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. LOG4J2-3201 Limit the protocols JNDI can use and restrict LDAP.

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #645

          Activity

            People

              Unassigned Unassigned
              rgoers Ralph Goers
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: