Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253
[Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as the first dependency, and JNDI will be disabled. This is a **non-intrusive** patch that allows you to block this vulnerability without modifying the program code/updating the dependent. So you can use it to patch third-party programs, such as Minecraft. Maven: ```xml <dependency> <groupId>org.glavo</groupId> <artifactId>log4j-patch</artifactId> <version>1.0</version> </dependency> ``` Gradle: ```groovy dependencies { implementation 'org.glavo:log4j-patch:1.0' } ``` Gradle Kotlin DSL: ```kotlin dependencies { implementation("org.glavo:log4j-patch:1.0") } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org