Apache Log4j 2 version 2.17.0 released for CVE-2021-45105 Denial of Service attack

Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. That release requires log4j2.enableJndi to be set to true to allow JNDI.

A new security vulnerability, CVE-2021-45105, was reported on 18 December 2021.

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.


Apache has released version 2.17.0 to fix this denial-of-service (DoS) issue.

Download the latest version: https://logging.apache.org/log4j/2.x/download.html
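
To find deployments that still need the upgrade, the script below reads the log4j-core version recorded inside a jar and checks it against the affected range stated above (2.0-alpha1 through 2.16.0, excluding 2.12.3). It is an added example, not code from Apache or from this page; the function names are hypothetical, the sample jars are constructed in memory, and it assumes a Maven-built jar that carries `pom.properties`.

```python
import io
import re
import zipfile

# Assumption: Maven-built log4j-core jars record their version at this path.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_IN_RANGE = {(2, 12, 3)}   # excluded from the affected range on this page
LAST_AFFECTED = (2, 16, 0)      # 2.17.0 carries the fix

def parse_version(text):
    """'2.0-alpha1' -> (2, 0, 0); '2.14.1' -> (2, 14, 1). Qualifier is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    v = parse_version(version)
    # 2.0-alpha1 is the first 2.x release, so every 2.x up to 2.16.0 is in range.
    return v[0] == 2 and v <= LAST_AFFECTED and v not in FIXED_IN_RANGE

def jar_version(jar_bytes):
    """Return the log4j-core version recorded in the jar, or None if absent."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if POM_PROPS not in jar.namelist():
            return None
        for line in jar.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    return None

def make_sample_jar(version):
    """Constructed test input: a minimal jar holding only pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
    return buf.getvalue()

def audit(jars):
    """jars: {name: bytes}. Returns {name: (version, affected)}."""
    report = {}
    for name, data in jars.items():
        version = jar_version(data)
        report[name] = (version, bool(version) and is_affected(version))
    return report

if __name__ == "__main__":
    samples = {f"app-{v}.jar": make_sample_jar(v)
               for v in ("2.0-alpha1", "2.12.3", "2.16.0", "2.17.0")}
    for name, (version, affected) in audit(samples).items():
        print(f"{name}: log4j-core {version} -> {'AFFECTED' if affected else 'ok'}")
```

Jars nested inside fat or shaded archives are not unpacked here, and only the range given on this page is encoded; extend `FIXED_IN_RANGE` for any other patched releases you rely on.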
