Skip to content

DEV Community

Kooin-Shin

Posted on Dec 14, 2021 • Updated on Dec 17, 2021

Log4J JNDI Remove Utility

Some days ago, There was big shocking security issue disclosed about Log4J JNDI exploit vulnerability.

It was almost veiled over 8 years!

Some kind of worried thing blows in my head because it's very most used Logger API ever.

But we have to get a chance to recover it.

Not fully complete, but complementary thing is here. It's a way to remove JndiLookup.class in Log4J jar files.

So I introduce a utility for removing JNDI class in jars by batch processing from top level directory.

Download and execute jar like 'java -jar log4j-jndi-remover.jar', then you can fix your applications and services.

Top comments (3)

Subscribe

Bradley Corner • Jan 5 '22

Refer to Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 - ESA-2021-31

Arnab • Dec 14 '21

Hey Buddy,
Can you explain the security issue with log4j?

Kooin-Shin • Dec 14 '21

Hi,
Refer to this link - logging.apache.org/log4j/2.x/secur...

Read next

How to Include JavaScript in Laravel 11: A Step-by-Step Guide for All Scenarios

websilvercraft - Nov 7

Cyber Agents Adapt Using Evolving Behavior Trees

Mike Young - Nov 7

Larger Language Models Thrive with Expanded Vocabularies

Mike Young - Nov 7

[Webinar] Terraform for Azure

Surag - Nov 7

I always dive into new tech and brand new style that be making something effective, pragmatic, attractive.

Location

Seoul In Korea
Education

Bachelor Degree of Philosophy
Work

Senior Java Core Developer at Innotree
Joined

Oct 19, 2020

How to find value using path array on structural document in Java

#json #yaml #java

Console Application Input Library in Java.

#java #console #input

How to load JDBC MySQL driver using instantiated driver on runtime.