Yesterday, the Apache Log4j team released a new version: 2.16.0!

Changes in 2.16.0

  • JNDI access is disabled by default; users who need it must enable it explicitly by setting the log4j2.enableJndi parameter
  • The protocols allowed by default are restricted to java, ldap, and ldaps, and the ldap protocol is restricted to accessing only Java primitive objects
  • Message Lookups have been completely removed, strengthening the defense against vulnerabilities

For more details, please check the official website: https://logging.apache.org/log4j/2.x/


How Spring Boot users can upgrade

Spring Boot users can still use the method shared a few days ago for easily upgrading all log4j versions under Spring Boot to adjust the log4j2 version globally.

If you are too lazy to read the previous article, you can also use the following figure to understand how to modify it:
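To confirm that the global version change actually reached the packaged application, the built archive can be checked for the log4j 2.x libraries it bundles. The script below is an added example, not code from the original post: it assumes a Spring Boot fat JAR or WAR layout (BOOT-INF/lib or WEB-INF/lib), matches libraries by file name only, and its function names and sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Version this page says to upgrade to.
MIN_VERSION = (2, 16, 0)
# Matches bundled libraries such as BOOT-INF/lib/log4j-core-2.14.1.jar
LIB_RE = re.compile(
    r"(?:BOOT-INF|WEB-INF)/lib/(log4j-(?:core|api))-(\d+(?:\.\d+)*)[^/]*\.jar$")

def parse_version(text):
    """Turn '2.9' into (2, 9, 0) so that 2.9 sorts below 2.16 (strings would not)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_archive(archive):
    """Return sorted [(artifact, version, ok)] for each bundled log4j 2.x library.

    `archive` is a path or file-like object holding a fat JAR or WAR.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            m = LIB_RE.search(name)
            if m:
                ok = parse_version(m.group(2)) >= MIN_VERSION
                findings.append((m.group(1), m.group(2), ok))
    return sorted(findings)

def build_sample_jar(log4j_version):
    """Constructed sample: an in-memory archive laid out like a Spring Boot fat JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BOOT-INF/classes/application.properties", "")
        zf.writestr("BOOT-INF/lib/spring-core-5.3.13.jar", b"")
        for artifact in ("log4j-api", "log4j-core"):
            zf.writestr(f"BOOT-INF/lib/{artifact}-{log4j_version}.jar", b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for label, ver in (("before", "2.14.1"), ("after", "2.16.0")):
        for artifact, found, ok in audit_archive(build_sample_jar(ver)):
            status = "OK" if ok else "UPGRADE NEEDED"
            print(f"{label}: {artifact} {found} -> {status}")
```

For a real build, pass the path of the packaged JAR or WAR to `audit_archive`; an empty result means no log4j-core or log4j-api library is bundled under those directories.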
