Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability reported in CVE-2021-44228 for security issues related to JNDI. That release requires log4j2.enableJndi to be set to true to allow JNDI.
A new security vulnerability, CVE-2021-45105, was reported on 18 December 2021.
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
Apache has released version 2.17.0 to fix this denial-of-service (DoS) issue.
Download the latest version: https://logging.apache.org/log4j/2.x/download.html
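To find deployments that still need the upgrade, the affected range quoted above (2.0-alpha1 through 2.16.0, excluding 2.12.3) can be checked against the log4j-core jars on disk. The following Python script is an added example, not code from Apache or from the original post; it assumes the jars were built by Maven and therefore carry a pom.properties entry, and the function names and result labels are hypothetical.

```python
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata entry inside a log4j-core jar (assumption: the jar was built by Maven).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(\S+))?$")

def classify(version):
    """Classify a log4j-core version against the CVE-2021-45105 range stated in
    the text: 2.0-alpha1 through 2.16.0 are affected, except 2.12.3."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    base = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if base in ((2, 12, 3), (2, 17, 0)) and m.group(4):
        return "unknown"  # qualifier on a fixed version (e.g. -SNAPSHOT): fix may be absent
    # The range starts at 2.0-alpha1, so any qualifier on 2.0 is inside it.
    if base == (2, 12, 3) or not ((2, 0, 0) <= base <= (2, 16, 0)):
        return "not-affected"
    return "affected"

def jar_version(jar_path):
    """Return the log4j-core version recorded in the jar's pom.properties, else None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            props = jar.read(POM_PROPS).decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None  # not a log4j-core jar, or not a readable archive
    for line in props.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None

def scan(root):
    """Yield (path, version, status) for each jar under root that carries log4j-core."""
    for path in sorted(Path(root).rglob("*.jar")):
        version = jar_version(path)
        if version is not None:
            yield str(path), version, classify(version)

if __name__ == "__main__":
    for row in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("\t".join(row))
```

Jars nested inside other archives, such as a WAR or a fat jar, are not opened by this script and need to be unpacked first.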