Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. Require log4j2.enableJndi to be set to true to allow JNDI.
A new security vulnerability CVE-2021-45105 has been reported on 18 December 2021.
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
Apache has released version 2.17.0 to fix this issue of DOS (Denial of Service) attack.
Download the latest version: https://logging.apache.org/log4j/2.x/download.html
More Posts related to Java,
- Exception in thread main java.lang.NoClassDefFoundError: package javaClass
- connection.url property value in hibernate.cfg.xml for mysql
- List of Java Major Minor Version Numbers
- Java 8 foreach loop code examples
- Your JBoss Application Server 7 is running However you have not yet added any users to be able to access the admin console
- Country ISO Codes List
- 7 deadly java.lang.OutOfMemoryError in Java Programming
- [Hibernate] The method buildSessionFactory() from the type Configuration is deprecated
- List of Online Java compiler with console
- Using Java 8 Month Enum with Examples
- Unhandled exception type InterruptedException : Java Threads
- Difference between using Scanner Class and String args for user input in Java
- Java: TimeZone List with GMT/UTC Offset
- BeanDefinitionStoreException IOException parsing XML document from class path resource [spring.xml]
- Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end users experience
- Simple Struts 2 Tutorial in eclipse with tomcat 7 server
- Minecraft Java Edition
- 5+ Fibonacci number Series Java Program Examples [ 0 1 1 2 3 ..]
- Java -Day of the week using Java 8 DayOfWeek Enum
- Error: Can not find the tag library descriptor for
- java: unclosed string literal [Error]
- Remove Trailing zeros BigDecimal Java
- Formatting Double in Java [Examples]
- Java TLSv1.3 protocol code example using SSLSocket
- java.io.IOException: Unable to locate resource handler.properties
More Posts:
- What is Bootstrap Jumbotron and how to use it - Bootstrap
- How to save webpage as pdf using macOS Safari - MacOS
- How to get Spotify macOS App installed on Mac device - MacOS
- Hotstar Disney+ mobile app test push notification - News
- SharePoint installation - Appfabric installation failed because installer MSI returned with error code:1603 - SharePoint