Latest news! According to the Log4j official website, version 2.17.0 still has a vulnerability!

The above picture is from the official website: https://logging.apache.org/log4j/2.x/

Vulnerability number: CVE-2021-44832

Vulnerability content: The JDBCAppender provided by Log4j2 writes log information to a database. This process relies on JNDI, so an attacker can use it to execute arbitrary code.

Hazard level: Medium

Affected range: 2.17.0 and below (not including 2.12.4, 2.3.2)

Repair measures: upgrade the version of Log4j2

  • Java 8 or later users upgrade to the latest 2.17.1
  • Java 7 users upgrade to 2.12.4
  • Java 6 users upgrade to 2.3.2
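For triage, the affected range and upgrade targets above can be turned into a small check, together with a scan of a Log4j2 XML configuration for JDBC appenders that obtain their connection through a JNDI `DataSource`. This is an added example, not code from the Log4j project or the original post; the sample configuration and its appender and data source names are constructed.

```python
import re
import xml.etree.ElementTree as ET

PATCHED_BACKPORTS = {(2, 3, 2), (2, 12, 4)}   # excluded from the affected range
LAST_AFFECTED = (2, 17, 0)

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="stdout"><PatternLayout pattern="%m%n"/></Console>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
</Configuration>"""

def parse_version(text):
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    """Affected range from the advisory: 2.x up to 2.17.0, except 2.3.2 and 2.12.4."""
    v = parse_version(version_text)
    return v[0] == 2 and v <= LAST_AFFECTED and v not in PATCHED_BACKPORTS

def fixed_release(java_major):
    """Upgrade target listed in the advisory for a given Java major version."""
    if java_major >= 8:
        return "2.17.1"
    return {7: "2.12.4", 6: "2.3.2"}.get(java_major)

def jndi_jdbc_appenders(config_xml):
    """Return (appender name, jndiName) for JDBC appenders fed by a JNDI DataSource."""
    local = lambda tag: tag.rsplit("}", 1)[-1].lower()   # drop any XML namespace
    hits = []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) != "jdbc":
            continue
        for child in el:
            attrs = {k.lower(): v for k, v in child.attrib.items()}
            if local(child.tag) == "datasource" and "jndiname" in attrs:
                hits.append((el.get("name", "?"), attrs["jndiname"]))
    return hits

if __name__ == "__main__":
    for ver in ("2.17.0", "2.12.4", "2.17.1"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    print(jndi_jdbc_appenders(SAMPLE_CONFIG))
```

An empty result from the configuration scan does not replace the upgrade; it only tells you whether the JDBC appender with JNDI is currently in use.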

This vulnerability is similar to the previously disclosed Logback vulnerability. Because the conditions for exploiting it are demanding, the harm is not great. You may soon see a lot of alarmist marketing headlines. I hope you can look at it calmly and not panic.

You are welcome to follow my official account: Program Ape DD. Get cutting-edge industry news first, in-depth technical articles, and high-quality learning resources.
