Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Add flag to disable log4j lookup by default #111

Closed
blalop opened this issue Dec 22, 2021 · 0 comments
Closed

[FEATURE] Add flag to disable log4j lookup by default #111

blalop opened this issue Dec 22, 2021 · 0 comments
Assignees
@blalop
Labels
enhancement

Comments

@blalop
Copy link
Member

blalop commented Dec 22, 2021

Description

Because of several CVEs related to log4j JNDI vulnerabilities, it would be nice to add the following flag by default

-Dlog4j2.formatMsgNoLookups=true

Why is this needed?

To prevent the exploit

Additional Information

CVE-2021-44228
@blalop blalop self-assigned this Dec 22, 2021
blalop added a commit that referenced this issue Dec 23, 2021
@blalop
#111 add log4shell prevention flag by default
8b01038
@blalop blalop mentioned this issue Dec 23, 2021
Merged
blalop added a commit that referenced this issue Dec 23, 2021
@blalop
Merge pull request #112 from idealista/features/111
c4b5d6d 
#111 add log4shell prevention flag by default
@blalop blalop closed this as completed Dec 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@blalop blalop

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@blalop