[
https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17453517#comment-17453517
]
ASF subversion and git services commented on LOG4J2-3201:
---------------------------------------------------------
Commit c77b3cb39312b83b053d23a2158b99ac7de44dd3 in logging-log4j2's branch
refs/heads/release-2.x from Ralph Goers
[ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=c77b3cb ]
Restrict LDAP access via JNDI (#608)
* Restrict LDAP access via JNDI
* Disable most JNDI protocols
* Rename test. Various minor fixes
* LOG4J2-3201 - Limit the protocols JNDI can use by default. Limit the servers
and classes that can be accessed via LDAP.
> Limit the protocols jNDI can use and restrict LDAP.
> ---------------------------------------------------
>
> Key: LOG4J2-3201
> URL: https://issues.apache.org/jira/browse/LOG4J2-3201
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Reporter: Ralph Goers
> Priority: Major
>
> LDAP needs to be limited in the servers and classes it can access. JNDI
> should only support the java, ldap, and ldaps protocols by default.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
