[ https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456947#comment-17456947 ]
Volkan Yazici commented on LOG4J2-3201: --------------------------------------- [~e1knot], that is not in the radar of the team. Though we try hard to not introduce any backward incompatible changes in minor version updates, hence 2.13.x to 2.15.0 should be a smooth transition. Let us know if you happen to have any issues. > Limit the protocols jNDI can use and restrict LDAP. > --------------------------------------------------- > > Key: LOG4J2-3201 > URL: https://issues.apache.org/jira/browse/LOG4J2-3201 > Project: Log4j 2 > Issue Type: Bug > Components: Core > Reporter: Ralph Goers > Priority: Major > Fix For: 2.15.0 > > > LDAP needs to be limited in the servers and classes it can access. JNDI > should only support the java, ldap, and ldaps protocols by default. -- This message was sent by Atlassian Jira (v8.20.1#820001)