Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228) | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228) (twitter.com/marcioalm)
		3 points by pentestercrab on Dec 17, 2021 \| hide \| past \| favorite \| 1 comment

plasma on Dec 17, 2021 [–]

Was the patch issued for 2.15 the allowed host/class check, or was the feature disabled by default entirely (which is what I thought I read was done?).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact