Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. Require log4j2.enableJndi to be set to true to allow JNDI.
A new security vulnerability CVE-2021-45105 has been reported on 18 December 2021.
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
Apache has released version 2.17.0 to fix this issue of DOS (Denial of Service) attack.
Download the latest version: https://logging.apache.org/log4j/2.x/download.html
More Posts related to Java,
- Java - Calculate time taken for the code to execute in milliseconds or nanoseconds
- Calculate Sum of List elements using Java Streams
- [Program] How to read three different values using Scanner in Java
- [Fix] Java Exception with Lambda - Cannot invoke because object is null
- Convert JSON String to Java GSON Object Example
- Unsupported major.minor version 52.0 in java
- What Java version is used for Minecraft 1.18
- Parse XML file in Java using DOM Parser
- Spring Boot Web + Thymeleaf Hello World Example in IntelliJ in 5 Easy Steps
- [fix] MySQL cj jdbc CommunicationsException: Communications link failure
- [Fix] java.time.zone.ZoneRulesException: Unknown time-zone ID
- [Java] Read a File with UTF-8 Encoding
- Your JBoss Application Server 7 is running However you have not yet added any users to be able to access the admin console
- Get Client IP address from HTTP Response in Java
- Java Join Strings with Comma Separator
- Unbound classpath container: JRE System Library [JavaSE-1.7]
- Java Read and Write Properties file with Examples
- Java SE JDBC with Prepared Statement Parameterized Select Example
- [fix] Java Spring Boot JPA SQLSyntaxErrorException: Encountered user at line 1 column 14
- [Solution] Java JDBC SQLException: No value specified for parameter 1
- import servlet API to eclipse project (javax.servlet cannot be resolved error)
- Java: TimeZone List with GMT/UTC Offset
- Java 8: Steam map with Code Examples
- Split a String in Java with Examples
- Add days/weeks/months/years to LocalDate in Java 8 and above examples
More Posts:
- Android: Unknown error code during application install : - Android
- Android ListView turns Black or Flickers while Scrolling - Android
- Android Studio Change SDK Path - Android
- How to Convert String to DateTime in Python - Python
- Share Image and Text on Instagram from Android App using Share Dialog - Android
- [Microsoft Teams 4c7] Modern authentication failed here, but you'll still be able to sign in. Your status code is 4c7 error - Microsoft
- Add Line Break in Microsoft Excel Cell on Mac (macOS) - MacOS
- How to Sync Microsoft Teams Calendar with Mac Calendar - Microsoft
