Hacker News
by tie_ 1647 days ago
Insightful conversations at https://github.com/apache/logging-log4j2/pull/608 - the original vulnerability patch.

Most JNDI lookups are disabled, except for JAVA and _LDAP(S)_. What I don't get is why someone who knows about the vulnerability would _still_ want to do LDAP lookups during logging, even when restricted to localhost.