Personal home page: @Qingcheng sequence member Stone

Apache Log4j2 is a Java-based logging tool and the successor to Log4j. Compared with its predecessor Log4j 1.x, it provides many of the optimizations available in Logback, and it fixes some of the problems in the Logback architecture. It is one of the best Java logging frameworks available today. The framework is widely used in business system development to record log information, and developers may log errors caused by user input.

The Apache Log4j2 vulnerability allows remote code execution whenever data supplied by an external user is logged.

Affected versions

2.0 <= Apache Log4j2 <= 2.14.1

Official patch

Github.com/apache/logg…

Temporary solution one

  1. Set the JVM parameter “-Dlog4j2.formatMsgNoLookups=true”

  2. Set “log4j2.formatMsgNoLookups=True”

  3. Set the system environment variable “FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS” to “true”

  4. Block the application's connections to external networks and prohibit it from initiating outbound connections

Temporary solution two

The other option is to upgrade to the fixed version. That version has not yet been published to the central repository, so for now you can download the source code from GitHub, compile the package yourself, and replace the existing one.
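As an added example (not part of the original article), the following Python sketch triages an inventory of jar paths against the affected range above and checks whether the JVM parameter from temporary solution one, item 1, is on the command line. The jar naming pattern, the status labels, the sample paths and the "last flag wins" rule are assumptions made for illustration.

```python
import re
import shlex

# Range stated on this page: 2.0 <= Apache Log4j2 <= 2.14.1
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 14, 1)
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(-[A-Za-z0-9.]+)?\.jar$")
FLAG_RE = re.compile(r"^-Dlog4j2\.formatMsgNoLookups=(.*)$")

def jar_version(path):
    """Return ((major, minor, patch), qualifier) for a log4j-core jar, else None."""
    m = JAR_RE.search(path)
    if not m:
        return None
    major, minor, patch, qual = m.groups()
    return (int(major), int(minor), int(patch or 0)), (qual or "")

def lookups_disabled(jvm_cmdline):
    """True if the last formatMsgNoLookups flag on the command line is 'true'."""
    value = None
    for arg in shlex.split(jvm_cmdline):
        m = FLAG_RE.match(arg)
        if m:
            value = m.group(1)  # assumption: a later -D flag overrides an earlier one
    return value is not None and value.lower() == "true"

def assess(jar_path, jvm_cmdline):
    parsed = jar_version(jar_path)
    if parsed is None:
        return "not-log4j-core"
    version, qualifier = parsed
    if qualifier:
        return "review-manually"  # e.g. 2.0-beta9: pre-release, not covered by the range
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside-affected-range"
    return "affected-flag-set" if lookups_disabled(jvm_cmdline) else "affected-unmitigated"

# Constructed sample inventory (paths and command lines are made up)
SAMPLES = [
    ("/opt/app/lib/log4j-core-2.14.1.jar", "java -jar app.jar"),
    ("/opt/app/lib/log4j-core-2.13.3.jar", "java -Dlog4j2.formatMsgNoLookups=true -jar app.jar"),
    ("/opt/app/lib/log4j-core-2.15.0.jar", "java -jar app.jar"),
    ("/opt/app/lib/log4j-core-2.0-beta9.jar", "java -jar app.jar"),
    ("/opt/app/lib/log4j-api-2.14.1.jar", "java -jar app.jar"),
]

if __name__ == "__main__":
    for jar, cmd in SAMPLES:
        print(f"{assess(jar, cmd):24} {jar}")
```

A filename check misses copies of Log4j bundled inside fat jars or renamed archives, so treat "not-log4j-core" as "not identified by name", not as proof of absence.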

This article is a repost. To read the original, see: Apache Log4j2 remote code execution vulnerability | Ann technology full product support test

