In one of my computers, there is JRE 1.8.0_45 and in another machine there is OpenJDK.
I want to set the JVM flag Dlog4j2.formatMsgNoLookups=true, but where can I write this piece of configuration?
formatMsgNoLookups=true that can mitigate the issue after a restart, which is the default behavior in the patched Log4j 2.15. 0 version. You want this setting to stop your log messages from being evaluated to block this attack.
If possible, upgrade to Log4j version 2.15.0.
If upgrading is not possible, then ensure the -Dlog4j2.formatMsgNoLookups=true system property is set. Use the this command:
java -Dlog4j2.formatMsgNoLookups=true -jar myapp.jar
Also worth reading on mitigation:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With