Technology Blog
Denial of Service (DoS) which is another Log4J Bug reported over the last couple of days after the fix for JNDI is provided. Apache Issues Fix and the new Log4j vulnerability is similar to Log4Shell but this DoS flaw has to do with Context Map lookups. Apache released another patch version 2.17.0 to address the…
A new version of Log4j with 2.16.0 has been released to address the JNDI issue to further prevent the CVE-2021-44228 permanently. While release 2.15.0 removed the ability to resolve Lookups and log messages and addressed issues with how JNDI is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk…
Read More “Log4j Vulnerability / Version Upgrade to 2.16.0 by Apache Team” »
The easiest way to remediate this is to update to log4j version 2.15.0 or later, as this behavior is now disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting the system property log4j2.formatMsgNoLookups to true by adding the following Java parameter: -Dlog4j2.formatMsgNoLookups=true Alternatively, you can mitigate this vulnerability by removing…