Apache Log4j 2.16.0 available for download, JNDI is now disabled by default

December 14, 2021


The Apache Log4j 2 team today released Log4j 2.16.0 with two major changes.

  • To prevent CVE-2021-44228, the Message Lookups feature is removed in this release.
  • In the previous 2.15.0 release, the ability to resolve Lookups and log messages was removed. However, having JNDI enabled by default puts users at risk. With the 2.16.0 release, the JNDI feature is disabled by default. Users who need this feature can enable it with the log4j2.enableJndi system property.
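
To find deployments that still predate this release, the added example below (not code from Apache or from this article) reads the Maven metadata inside a jar and reports whether its log4j-core is older than 2.16.0 and whether the JndiLookup class is still packaged. It assumes the standard log4j-core `pom.properties` and class paths, treats 2.16.0 as the only baseline, and uses constructed in-memory jars as sample input.

```python
import io
import re
import zipfile

FIXED = (2, 16, 0)  # baseline from the article: Message Lookups removed, JNDI off by default
# Assumed standard locations inside a log4j-core jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(text):
    """Return (major, minor, patch) from a 'version=2.14.1' line, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def inspect_jar(jar):
    """Classify one jar (path or file-like object) against the 2.16.0 baseline."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if POM_PROPS not in names:
            return {"log4j_core": False}
        version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        return {
            "log4j_core": True,
            "version": version,
            # An unreadable version is reported as needing attention, not as safe.
            "needs_upgrade": version is None or version < FIXED,
            "jndi_lookup_present": JNDI_CLASS in names,
        }


def make_sample_jar(version, with_jndi=True):
    """Build a constructed in-memory jar for the demo (not a real Log4j build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in ("2.14.1", "2.15.0", "2.16.0"):
        print(v, inspect_jar(make_sample_jar(v)))
```

Copies of log4j-core nested inside fat or shaded jars are not unpacked by this check and need a recursive pass.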

Thanks to the Apache Logging Services Project Management Committee (PMC) for working around the clock to get the release out so quickly. This will help thousands of organizations to protect themselves from external attacks on their Apache servers.

Source: Apache
