[ https://issues.apache.org/jira/browse/LOG4J2-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462699#comment-17462699 ]
Gary D. Gregory commented on LOG4J2-3230: ----------------------------------------- [~pmalone] Just update to 2.17.0 where JNDI is completely disabled by default and you get the latest fixes. > Certain strings can cause infinite recursion > -------------------------------------------- > > Key: LOG4J2-3230 > URL: https://issues.apache.org/jira/browse/LOG4J2-3230 > Project: Log4j 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.8, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.10.0, 2.11.0, 2.11.1, > 2.11.2, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.14.0, 2.13.3, 2.14.1, > 2.15.0, 2.16.0 > Reporter: Ross Cohen > Assignee: Carter Kozak > Priority: Major > Fix For: 2.17.0 > > Attachments: sample.tar.gz > > > If a string substitution is attempted for any reason on the following string, > it will trigger an infinite recursion, and the application will crash: > ${${::\-${::\-$${::\-j}}}}. -- This message was sent by Atlassian Jira (v8.20.1#820001)