Yesterday, the Apache log4j team released a new version again: 2.16.0!
- JNDI access is disabled by default. Users need to configure log4j2 The enablejndi parameter is enabled
- By default, the allowed protocols are Java, LDAP, and LDAP, and the LDAP protocol is restricted to accessing only Java original objects
- Message lookups has been completely removed to strengthen vulnerability defense
- Java project fhadmin cn
More details can be viewed on the official website: logging apache. org/log4j/2. x/
How to upgrade spring boot users
You can learn how to modify it through the following figure: