Apache Log4j 2 version 2.17.0 released for CVE-2021-45105 Denial of Service attack

Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability reported in CVE-2021-44228, a security issue related to JNDI. That release requires log4j2.enableJndi to be set to true to allow JNDI.

A new security vulnerability, CVE-2021-45105, was reported on 18 December 2021.

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
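To turn the version range above into an inventory check, the following added example (not code from Apache or from this post) classifies log4j-core jar filenames as affected or not. It assumes the library is deployed under its standard `log4j-core-<version>.jar` name; the sample paths are constructed, and the range encoded is only the one stated on this page.

```python
import re

# Version range as stated on this page for CVE-2021-45105.
LAST_AFFECTED = (2, 16, 0)       # 2.0-alpha1 through 2.16.0 are affected
FIXED_BACKPORTS = {(2, 12, 3)}   # carved out of the range by the page

# Assumption: the library is deployed as log4j-core-<version>.jar
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+){0,2}(?:-[A-Za-z0-9]+)?)\.jar$")


def parse_version(text):
    """Return (major, minor, patch); '2.0-beta9' -> (2, 0, 0).

    The qualifier is dropped on purpose: the affected range starts at
    2.0-alpha1, so every 2.0 pre-release falls inside it anyway.
    """
    match = re.match(r"\d+(?:\.\d+){0,2}", text)
    if match is None:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version, fixed_backports=FIXED_BACKPORTS):
    """True if the version is inside the range this page gives."""
    v = parse_version(version)
    if v[0] != 2:                 # Log4j 1.x is outside the stated range
        return False
    return v <= LAST_AFFECTED and v not in fixed_backports


def triage(paths):
    """Return (path, version, affected) for every log4j-core jar found."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            version = match.group(1)
            findings.append((path, version, is_affected(version)))
    return findings


# Constructed sample inventory (not taken from a real host).
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/legacy/lib/log4j-core-2.12.3.jar",
    "/srv/old/lib/log4j-core-2.0-beta9.jar",
    "/srv/new/lib/log4j-core-2.17.0.jar",
]

if __name__ == "__main__":
    for path, version, affected in triage(SAMPLE_PATHS):
        print(f"{'AFFECTED' if affected else 'ok':8}  {version:10}  {path}")
```

Copies of the library repackaged inside fat jars or WAR files do not match the filename pattern and need a separate check.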


Apache has released version 2.17.0 to fix this denial-of-service (DoS) issue.

Download the latest version: https://logging.apache.org/log4j/2.x/download.html
