Operation and MaintenanceApacheApache Log4j 2.17.0 has been released! See what problem was solved?
Apache Log4j version 2.17.0 has been officially released, solving the third discovered security vulnerability, CVE-2021-45105.
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 do not prevent uncontrolled recursion of self-referential lookups. When the log configuration uses a non-default Pattern Layout and Context Lookup (for example, $${ctx:loginId}), an attacker who controls the thread context map (MDC) input data can craft malicious input data containing recursive lookups, causing a StackOverflowError. Thereby terminating the process. This is also called a DoS attack. [Recommended: Apache Usage Tutorial]
Starting from version 2.17.0 (for Java 8), only the search string in the configuration will be recursively expanded; in any other usage, Only top-level lookups are parsed, not any nested lookups.
In previous versions, this issue could be mitigated by ensuring that your logging configuration did the following:
In the logging configuration In the PatternLayout, replace Context Lookups such as ${ctx:loginId} or $${ctx:loginId} with the Thread Context Map pattern (%X, %mdc or %MDC).
Otherwise, remove references to Context Lookups such as ${ctx:loginId} or ${ctx:loginId} in the configuration; they originate from sources outside the application, such as HTTP headers or user input..
The specific updates of version 2.17.0 include:
Fixed string replacement recursion. Fix LOG4J2-3230
Restrict JNDI to java protocol only. By default, JNDI will remain disabled. Renamed JNDI enable properties from "log4j2.enableJndi" to "log4j2.enableJndiLookup", "log4j2.enableJndiJms", and "log4j2.enableJndiContextSelector". Fix LOG4J2-3242
JNDI is limited to java protocol. By default, JNDI will remain disabled. The enable property has been renamed to "log4j2.enableJndiJava". Fix LOG4J2-3242
Do not declare log4j-api-java9 and log4j-core-java9 as dependencies as this will cause problems with the Maven enforcer plugin. Fix LOG4J2-3241
PropertiesConfiguration.parseAppenderFilters NPE when parsing properties file filters. Fix LOG4J2-3247
#Syslog Appender's Log4j 1.2 bridge defaults to port 512 instead of 514. Fix LOG4J2-3249
Log4j 1.2 bridge API hardcodes Syslog protocol to TCP. Fix LOG4J2-3237
The above is the detailed content of Apache Log4j 2.17.0 has been released! See what problem was solved?. For more information, please follow other related articles on the PHP Chinese website!
What Apache is Known For: Key Features and AchievementsApr 18, 2025 am 12:03 AMApacheHTTPServer has become a leader in the field of web servers for its modular design, high scalability, security and performance optimization. 1. Modular design supports various protocols and functions by loading different modules. 2. Highly scalable to adapt to the needs of small to large applications. 3. Security protects the website through mod_security and multiple authentication mechanisms. 4. Performance optimization improves loading speed through data compression and caching.
The Enduring Relevance of Apache: Examining Its Current StatusApr 17, 2025 am 12:06 AMApacheHTTPServer remains important in modern web environments because of its stability, scalability and rich ecosystem. 1) Stability and reliability make it suitable for high availability environments. 2) A wide ecosystem provides rich modules and extensions. 3) Easy to configure and manage, and can be quickly started even for beginners.
Apache's Popularity: Reasons for Its SuccessApr 16, 2025 am 12:05 AMThe reasons for Apache's success include: 1) strong open source community support, 2) flexibility and scalability, 3) stability and reliability, and 4) a wide range of application scenarios. Through community technical support and sharing, Apache provides flexible modular design and configuration options, ensuring its adaptability and stability under a variety of needs, and is widely used in different scenarios from personal blogs to large corporate websites.
Apache's Legacy: What Made It Famous?Apr 15, 2025 am 12:19 AMApachebecamefamousduetoitsopen-sourcenature,modulardesign,andstrongcommunitysupport.1)Itsopen-sourcemodelandpermissiveApacheLicenseencouragedwidespreadadoption.2)Themodulararchitectureallowedforextensivecustomizationandadaptability.3)Avibrantcommunit
The Advantages of Apache: Performance and FlexibilityApr 14, 2025 am 12:08 AMApache's performance and flexibility make it stand out in a web server. 1) Performance advantages are reflected in efficient processing and scalability, which are implemented through multi-process and multi-threaded models. 2) Flexibility stems from the flexibility of modular design and configuration, allowing modules to be loaded and server behavior adjusted according to requirements.
What to do if the apache80 port is occupiedApr 13, 2025 pm 01:24 PMWhen the Apache 80 port is occupied, the solution is as follows: find out the process that occupies the port and close it. Check the firewall settings to make sure Apache is not blocked. If the above method does not work, please reconfigure Apache to use a different port. Restart the Apache service.
How to solve the problem that apache cannot be startedApr 13, 2025 pm 01:21 PMApache cannot start because the following reasons may be: Configuration file syntax error. Conflict with other application ports. Permissions issue. Out of memory. Process deadlock. Daemon failure. SELinux permissions issues. Firewall problem. Software conflict.
How to set the cgi directory in apacheApr 13, 2025 pm 01:18 PMTo set up a CGI directory in Apache, you need to perform the following steps: Create a CGI directory such as "cgi-bin", and grant Apache write permissions. Add the "ScriptAlias" directive block in the Apache configuration file to map the CGI directory to the "/cgi-bin" URL. Restart Apache.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
WebStorm Mac version
Useful JavaScript development tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Atom editor mac version download
The most popular open source editor
