| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by layer8 1649 days ago
	It’s still an issue with current JDKs in certain environments (e.g. Tomcat), see https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Inj... and https://www.veracode.com/blog/research/exploiting-jndi-injec.... Also, 8u121 was an incomplete fix, the complete fix (still with limitations as noted above) is in 8u191 (see second link above).