Apache Log4j 2.16.0 available for download, JNDI is now disabled by default




The Apache Log4j 2 team today released Log4j 2.16.0 with two major changes.

  • To prevent CVE-2021-44228, the Message Lookups feature is removed in this release.
  • In the previous 2.15.0 release, the ability to resolve Lookups and log messages was removed. However, leaving JNDI enabled by default still puts users at risk. With the 2.16.0 release, JNDI is disabled by default. Users who need it can enable it with the log4j2.enableJndi system property.
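
One way to audit a host against the two changes above, as an added example that is not part of the original article or Apache's own tooling. The jar names and JVM arguments are constructed sample input, the function names are hypothetical, and backported fix releases on older branches are not modelled.

```python
import re

# Constructed sample inputs (not from the original article).
SAMPLE_JARS = ["log4j-core-2.14.1.jar", "log4j-core-2.15.0.jar",
               "log4j-core-2.16.0.jar", "log4j-api-2.16.0.jar"]
SAMPLE_JVM_ARGS = ["-Xmx512m", "-Dlog4j2.enableJndi=true"]

# Accepts 2.16.0, 2.15, and qualified names such as 2.0-beta9.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?\.jar$")
# Matched case-insensitively so either spelling of the property is flagged.
JNDI_RE = re.compile(r"^-Dlog4j2\.enablejndi=(.*)$", re.IGNORECASE)


def jndi_enabled(jvm_args):
    """True if any JVM argument sets the JNDI property to true (conservative)."""
    for arg in jvm_args:
        m = JNDI_RE.match(arg)
        if m and m.group(1).strip().lower() == "true":
            return True
    return False


def classify(jar_name, jvm_args):
    """Return (status, reason) for one jar, or None if it is not log4j-core 2.x."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    version = tuple(int(p or 0) for p in m.groups())
    if version[0] != 2:
        return None
    if version < (2, 15, 0):
        return ("UPGRADE", "pre-2.15.0: affected by CVE-2021-44228")
    if version < (2, 16, 0):
        return ("UPGRADE", "2.15.x: JNDI still enabled by default")
    if jndi_enabled(jvm_args):
        return ("REVIEW", "JNDI re-enabled via log4j2.enableJndi=true")
    return ("OK", "JNDI disabled by default")


def audit(jar_names, jvm_args):
    """Map each log4j-core jar to its finding; other files are skipped."""
    findings = ((name, classify(name, jvm_args)) for name in jar_names)
    return {name: f for name, f in findings if f is not None}


if __name__ == "__main__":
    for jar, (status, reason) in audit(SAMPLE_JARS, SAMPLE_JVM_ARGS).items():
        print(f"{status:8} {jar}: {reason}")
```

A REVIEW result means the release is current but the application has opted back into JNDI, so that use should be confirmed as intentional.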

Thanks to the Apache Logging Services Project Management Committee (PMC) for working around the clock to get the release out so quickly. This will help thousands of organizations to protect themselves from external attacks on their Apache servers.

Source: Apache
