Santhosh Ponnam

Technology Blog

Log4j Vulnerability / Version Upgrade to 2.16.0 by Apache Team

Posted on December 14, 2021 / December 22, 2021 By Santhosh Ponnam

Log4j 2.16.0 has been released to address the JNDI issue and to further, and permanently, prevent CVE-2021-44228.

While release 2.15.0 removed the ability to resolve Lookups in log messages and addressed issues with how JNDI is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk for users. Starting in version 2.16.0, JNDI functionality is disabled by default and can be re-enabled via the `log4j2.enableJndi` system property. Use of JNDI in an unprotected context is a large security risk and should be treated as such in both this library and all other Java libraries using JNDI.

Prior to version 2.15.0, Log4j would automatically resolve Lookups contained in the message or its parameters in the Pattern Layout. This behaviour is no longer the default and must be enabled by specifying `%msg{lookup}`.
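To check a host against the two points above, the following added example (not from the original post or the Log4j project) flags `log4j-core` 2.x jars older than 2.16.0 by filename and detects a JVM command line that re-enables JNDI through `log4j2.enableJndi`. The sample paths and command lines are constructed, and the function names are hypothetical; matching on filenames is an assumption that misses shaded or renamed jars.

```python
import re
from pathlib import Path

FIXED = (2, 16, 0)  # release named in the post: JNDI disabled by default
# Matches e.g. log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?\.jar$")
JNDI_RE = re.compile(r"-Dlog4j2\.enableJndi=(\S+)")


def jar_version(name):
    """Parse (major, minor, patch) from a log4j-core jar filename, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def audit_jars(paths):
    """Return (path, version) for each log4j-core 2.x jar older than 2.16.0."""
    findings = []
    for p in paths:
        v = jar_version(Path(p).name)
        if v and v[0] == 2 and v < FIXED:
            findings.append((str(p), ".".join(map(str, v))))
    return findings


def scan(root):
    """Walk a directory tree and audit every jar found under it."""
    return audit_jars(Path(root).rglob("*.jar"))


def jndi_reenabled(cmdline):
    """True if the JVM command line sets log4j2.enableJndi=true.
    Assumption: when the flag is repeated, the last occurrence wins."""
    values = JNDI_RE.findall(cmdline)
    return bool(values) and values[-1].strip("\"'").lower() == "true"


# Constructed sample inventory, not taken from a real host.
SAMPLE_JARS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/opt/svc/lib/log4j-core-2.16.0.jar",
    "/opt/old/lib/log4j-core-2.0-beta9.jar",
]

if __name__ == "__main__":
    for path, version in audit_jars(SAMPLE_JARS):
        print(f"upgrade needed: {path} (log4j-core {version})")
```

Run `scan("/path/to/deployments")` against a real tree; fat or shaded jars need their embedded contents inspected instead.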

See my earlier post for more detail on the Log4j vulnerability and its remediation: https://santhoshponnam.com/index.php/2021/12/11/log4j-rce-vulnerability/

More information can be found at: https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4

Category: Java. Tags: log4j, log4j vulnerability, log4jfix

Copyright © 2025 Santhosh Ponnam.
