I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Verified Commit c4cfe420 authored by idk's avatar idk
Browse files

disable any chance of JNDI lookups in log4j.properties file by setting... 

disable any chance of JNDI lookups in log4j.properties file by setting %m{nolookups}. I don't think we're actually vulnerable to CVE-2021-44228 if I'm understanding correctly, by default it doesn't seem like we actually use log4j for much of anything and we don't do much logging of arbitrarily crafted remote inputs, but also it seems like this JNDI lookups thing is way more trouble than it could possibly be worth to us. Maybe it's a good idea to make sure it's turned off by default.
parent 14c5d54f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/jetty/resources/log4j.properties
+ 1
1
View file @ c4cfe420
...@@ -5,5 +5,5 @@ log4j.rootLogger=INFO, stdout ...@@ -5,5 +5,5 @@ log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n log4j.appender.stdout.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m{nolookups}%n
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]