[jira] [Commented] (LOG4J2-3201) Limit the protocols jNDI can use and restrict LDAP.

pingqicao (Jira) Fri, 10 Dec 2021 00:39:05 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456958#comment-17456958
 ]


pingqicao commented on LOG4J2-3201:
-----------------------------------

my project do not depends on log4j-core, but depends on log4j-api. after I 
viewed the codes your commit, I think this bug will not work in my application, 
is it correct?

[https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=7fe72d6]

[https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=d82b47c]

[https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=c77b3cb]

thanks

> Limit the protocols jNDI can use and restrict LDAP.
> ---------------------------------------------------
>
>                 Key: LOG4J2-3201
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3201
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>            Reporter: Ralph Goers
>            Priority: Major
>             Fix For: 2.15.0
>
>
> LDAP needs to be limited in the servers and classes it can access. JNDI 
> should only support the java, ldap, and ldaps protocols by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3201) Limit the protocols jNDI can use and restrict LDAP.

Reply via email to