logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

What does mitigated mean? #166

Closed dkordyban closed 2 years ago

dkordyban commented 2 years ago

Does it remove the JNDI feature altogether or just remove the ability for log4j to call out to external servers via LDAP, RMI, HTTP?

AlexMilotin commented 2 years ago

It is written in the README.MD: the (mitigated) tag will be displayed if the org/apache/logging/log4j/core/lookup/JndiLookup.class entry is removed from the JAR file.
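The condition quoted from the README can be checked directly against an archive. The following is an added example, not the scanner's own code and not part of the thread: it reports whether each log4j-core copy, including ones nested inside other archives, still carries the `JndiLookup.class` entry. Treating any entry under `org/apache/logging/log4j/core/` as a log4j-core copy is an assumption of this example, and the sample JARs are constructed in memory.

```python
import io
import zipfile

# Entry path taken from the README quote in this thread.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption of this example: any entry under this prefix marks a log4j-core copy.
CORE_PREFIX = "org/apache/logging/log4j/core/"
NESTED_SUFFIXES = (".jar", ".war", ".ear")


def scan_archive(data, label="<root>", max_depth=5):
    """Return [(archive_path, status)] for every log4j-core copy found.

    status is "jndilookup-present" or "jndilookup-removed"; the latter is the
    condition the README ties to the (mitigated) tag.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(label, "unreadable")]
    with zf:
        names = zf.namelist()
        if any(n.startswith(CORE_PREFIX) for n in names):
            status = "jndilookup-present" if JNDI_LOOKUP in names else "jndilookup-removed"
            findings.append((label, status))
        if max_depth > 0:  # bound recursion into nested archives
            for n in names:
                if n.lower().endswith(NESTED_SUFFIXES):
                    findings += scan_archive(zf.read(n), f"{label}!/{n}", max_depth - 1)
    return findings


def make_jar(entries):
    """Build a constructed in-memory JAR from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: placeholder bytes, not real class files.
INTACT = make_jar({CORE_PREFIX + "Logger.class": b"x", JNDI_LOOKUP: b"x"})
STRIPPED = make_jar({CORE_PREFIX + "Logger.class": b"x"})
FAT_APP = make_jar({"BOOT-INF/lib/log4j-core.jar": INTACT, "app/Main.class": b"x"})

if __name__ == "__main__":
    for name, blob in [("intact.jar", INTACT), ("stripped.jar", STRIPPED), ("app.jar", FAT_APP)]:
        for path, status in scan_archive(blob, name):
            print(f"{path}: {status}")
```

The check only reports whether the entry is present; it does not inspect the Log4j version.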

dkordyban commented 2 years ago

My apologies, I posted before I read the readme.md file.

On Mon, Dec 20, 2021, 6:04 AM AlexMilotin @.***> wrote:

It is written in the README.MD (https://github.com/logpresso/CVE-2021-44228-Scanner/blob/main/README.md): the (mitigated) tag will be displayed if the org/apache/logging/log4j/core/lookup/JndiLookup.class entry is removed from the JAR file.
