Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
The infamous CVE was supposedly fixed already by the previous release, but this version goes a step further in prevention by fully removing JNDI support and messages lookup.
The infamous CVE was supposedly fixed already by the previous release, but this version goes a step further in prevention by fully removing JNDI support and messages lookup.
https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0