This article has been indexed from The Register – Security
Open-source logging library’s JNDI disabled entirely by default, message lookups removed
Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet.…
Read the original article: Apache dusts off, nukes insecure feature at the heart of Log4j from orbit with v2.16