DEV Community

Cover image for Log4J JNDI Remove Utility
Kooin-Shin
Kooin-Shin

Posted on • Edited on

Log4J JNDI Remove Utility

Some days ago, There was big shocking security issue disclosed about Log4J JNDI exploit vulnerability.

It was almost veiled over 8 years!

Some kind of worried thing blows in my head because it's very most used Logger API ever.

But we have to get a chance to recover it.

Not fully complete, but complementary thing is here. It's a way to remove JndiLookup.class in Log4J jar files.

So I introduce a utility for removing JNDI class in jars by batch processing from top level directory.

Download and execute jar like 'java -jar log4j-jndi-remover.jar', then you can fix your applications and services.

Top comments (3)

Collapse
 
bcorner13 profile image
Bradley Corner

Refer to Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 - ESA-2021-31

Collapse
 
pogo420 profile image
Arnab

Hey Buddy,
Can you explain the security issue with log4j?

Collapse
 
kooin profile image
Kooin-Shin

Hi,
Refer to this link - logging.apache.org/log4j/2.x/secur...