Log4J JNDI Remove Utility

Some days ago, There was big shocking security issue disclosed about Log4J JNDI exploit vulnerability.

It was almost veiled over 8 years!

Some kind of worried thing blows in my head because it's very most used Logger API ever.

But we have to get a chance to recover it.

Not fully complete, but complementary thing is here. It's a way to remove JndiLookup.class in Log4J jar files.

So I introduce a utility for removing JNDI class in jars by batch processing from top level directory.

Download and execute jar like 'java -jar log4j-jndi-remover.jar', then you can fix your applications and services.

• For JDK 1.8
  https://github.com/9ins/console-input-manager/blob/5816b6b7b49013074e5be9705583560fa8ffd60f/log4j-jndi-remover-java8.jar

• For JDK 11
  https://github.com/9ins/console-input-manager/blob/5816b6b7b49013074e5be9705583560fa8ffd60f/log4j-jndi-remover-java11.jar

Comments

[Bradley Corner]

Refer to Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 - ESA-2021-31

[Arnab]

Hey Buddy,
Can you explain the security issue with log4j?

[Kooin-Shin]

Hi,
Refer to this link - logging.apache.org/log4j/2.x/secur...