Log4j2 sends a new version 2.16.0, which completely removes the support of message lookups and strengthens vulnerability defense

Time:2022-1-12

Yesterday, the Apache log4j team released a new version again: 2.16.0!

2.16.0 updates

  • JNDI access is disabled by default. Users need to configure log4j2 The enablejndi parameter is enabled
  • By default, the allowed protocols are Java, LDAP, and LDAP, and the LDAP protocol is restricted to accessing only Java original objects
  • Message lookups has been completely removed to strengthen vulnerability defense
  • Java project fhadmin cn

More details can be viewed on the official website: logging apache. org/log4j/2. x/

How to upgrade spring boot users

You can learn how to modify it through the following figure:

Log4j2 sends a new version 2.16.0, which completely removes the support of message lookups and strengthens vulnerability defense

This work adoptsCC agreement, reprint must indicate the author and the link to this article