This post describes how to mitigate against CVE-2021-44228: In Apache Log4j2 2.0-beta9 through 2.14.1, the JNDI features used in configurations, log messages, and parameters do not protect against an attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers […]
