Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. Require log4j2.enableJndi to be set to true to allow JNDI.
A new security vulnerability CVE-2021-45105 has been reported on 18 December 2021.
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
Apache has released version 2.17.0 to fix this issue of DOS (Denial of Service) attack.
Download the latest version: https://logging.apache.org/log4j/2.x/download.html
More Posts related to Java,
- Get the current timestamp in Java
- Java Stream with Multiple Filters Example
- Java SE JDBC with Prepared Statement Parameterized Select Example
- Fix: UnsupportedClassVersionError: Unsupported major.minor version 63.0
- [Fix] Java Exception with Lambda - Cannot invoke because object is null
- 7 deadly java.lang.OutOfMemoryError in Java Programming
- How to Calculate the SHA Hash Value of a File in Java
- Java JDBC Connection with Database using SSL (https) URL
- How to Add/Subtract Days to the Current Date in Java
- Create Nested Directories using Java Code
- Spring Boot: JDBCTemplate BatchUpdate Update Query Example
- What is CA FE BA BE 00 00 00 3D in Java Class Bytecode
- Save Java Object as JSON file using Jackson Library
- Adding Custom ASCII Text Banner in Spring Boot Application
- [Fix] Java: Type argument cannot be of primitive type generics
- List of New Features in Java 11 (JEPs)
- Java: How to Add two Maps with example
- Java JDBC Transition Management using PreparedStatement Examples
- Understanding and Handling NullPointerException in Java: Tips and Tricks for Effective Debugging
- Steps of working with Stored Procedures using JDBCTemplate Spring Boot
- Java 8 java.util.Function and BiFunction Examples
- The Motivation Behind Generics in Java Programming
- Get Current Local Date and Time using Java 8 DateTime API
- Java: Convert Char to ASCII
- Deep Dive: Why avoid java.util.Date and Calendar Classes
More Posts:
- How to Add a horizontal line in Android Layout - Android
- Calculate days between dates using dateutils ddiff command - Linux
- Reading JSON file in Python with Examples - Python
- Error 404 Tomcat homepage http://localhost:8080/ not displayed - Tomcat
- 5+ Fibonacci number Series Java Program Examples [ 0 1 1 2 3 ..] - Java
- pip install see the list of all available versions of package - PIP
- Tomcat Manager Default Username and Password - Tomcat
- Open Terminal in Finder Current Location - MacOS