Apache Log4j 2 version 2.17.0 released for CVE-2021-45105 Denial of Service attack


Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. Require log4j2.enableJndi to be set to true to allow JNDI.



A new security vulnerability CVE-2021-45105 has been reported on 18 December 2021.

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2021-45105


Apache has released version 2.17.0 to fix this issue of DOS (Denial of Service) attack.



Download the latest version: https://logging.apache.org/log4j/2.x/download.html




Topics Coverage:


🎉 We are celebrating the 10th years of Code2care! Thank you for all your support!

We strongly support Gender Equality & Diversity.

Follow Us: GitHub | Facebook | Twitter | Instagram