DEV Community

Cover image for Log4J JNDI Remove Utility

Posted on • Updated on

Log4J JNDI Remove Utility

Some days ago, There was big shocking security issue disclosed about Log4J JNDI exploit vulnerability.

It was almost veiled over 8 years!

Some kind of worried thing blows in my head because it's very most used Logger API ever.

But we have to get a chance to recover it.

Not fully complete, but complementary thing is here. It's a way to remove JndiLookup.class in Log4J jar files.

So I introduce a utility for removing JNDI class in jars by batch processing from top level directory.

Download and execute jar like 'java -jar log4j-jndi-remover.jar', then you can fix your applications and services.

Top comments (3)

bcorner13 profile image
Bradley Corner

Refer to Apache Log4j2 Vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 - ESA-2021-31

pogo420 profile image

Hey Buddy,
Can you explain the security issue with log4j?

kooin profile image

Refer to this link -