Message Boards
Log4J exploit and VM parameter log4j2.formatMsgNoLookups
Andre Albert, modified 2 Years ago.
Log4J exploit and VM parameter log4j2.formatMsgNoLookups
New Member Posts: 14 Join Date: 3/28/14 Recent PostsHello,
Liferay wrote an article about the log4j eploit (https://help.liferay.com/hc/en-us/articles/4416190497805) and one statement is that setting the VM Launch parameter
-DLog4j2.formatMsgNoLookups=true
will fix it.
Is it save to have it with an uppercased L because on the web, it is said that
-Dlog4j2.formatMsgNoLookups=true
will fix it. As far as i know, System parameters are case sensitive. So it save, or should i rather use the lowercase log4j2.formatMsgNoLookups?
Tomáš Polešovský, modified 2 Years ago.
RE: Log4J exploit and VM parameter log4j2.formatMsgNoLookups (Answer)
Liferay Master Posts: 676 Join Date: 2/13/09 Recent PostsHello Andre,
I just tried and any of them works and protects:
-DLog4j2.formatMsgNoLookups=true
-Dlog4j2.formatMsgNoLookups=true
Log4j has a special lookups tables ... https://github.com/apache/logging-log4j2/blob/50979afd30cb575ba743c25847b62f52414b1d3a/log4j-api/src/main/java/org/apache/logging/log4j/util/PropertiesUtil.java#L482-L498
Andre Albert, modified 2 Years ago.
RE: RE: Log4J exploit and VM parameter log4j2.formatMsgNoLookups
New Member Posts: 14 Join Date: 3/28/14 Recent PostsMany thanks Tomas for clarification on this.
Best regards Andre