Apache Log4j 2 version 2.17.0 released for CVE-2021-45105 Denial of Service attack


Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability reported in CVE-2021-44228, a security issue related to JNDI. That release requires log4j2.enableJndi to be set to true to allow JNDI.



A new security vulnerability, CVE-2021-45105, was reported on 18 December 2021.

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2021-45105


Apache has released version 2.17.0 to fix this DoS (Denial of Service) issue.



Download the latest version: https://logging.apache.org/log4j/2.x/download.html
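To find which deployed archives still need the upgrade, the added example below (not from the original post or the Log4j project) scans a jar/war, including nested jars, and checks each log4j-core copy against the affected range stated above. It assumes the copy still carries its Maven `pom.properties`; the function names are hypothetical.

```python
import io
import re
import zipfile

# Affected range as stated on this page: 2.0-alpha1 through 2.16.0, excluding 2.12.3.
LAST_AFFECTED = (2, 16, 0)
FIXED_BACKPORTS = {(2, 12, 3)}
# Maven metadata normally shipped inside log4j-core jars (assumed present).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Return (major, minor, patch) from a string such as '2.0-beta9' or '2.14.1'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None


def is_affected(version):
    """True if the version falls in the CVE-2021-45105 range quoted above."""
    if version is None or version[0] != 2 or version in FIXED_BACKPORTS:
        return False
    return version <= LAST_AFFECTED


def scan_archive(data, label, depth=0, max_depth=4):
    """Yield (location, version_string, affected) for each log4j-core copy found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                if m:
                    ver = m.group(1).strip()
                    yield label, ver, is_affected(parse_version(ver))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                nested = f"{label}!/{name}"
                yield from scan_archive(zf.read(name), nested, depth + 1, max_depth)


def scan_file(path):
    """Scan one archive on disk and return the findings as a list."""
    with open(path, "rb") as fh:
        return list(scan_archive(fh.read(), path))
```

Shaded builds that strip the Maven metadata are not reported, so an empty result means "no metadata found", not that Log4j is absent.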





