Log4JPatcher

A modification implemented as a Java Agent that provides protection against JNDI vulnerabilities in Log4j2. This agent applies two types of fixes:

• Disables all Lookup conversions in Log4j (on supported versions) by setting the noLookups parameter to true in the constructor of org.apache.logging.log4j.core.pattern.MessagePatternConverter
• Blocks the operation of the org.apache.logging.log4j.core.lookup.JndiLookup class by forcing its lookup function to return null

Application

To use, it is necessary to add the parameter -javaagent:Log4jPatcher.jar as a JVM argument during startup.

Detailed information about the CVE vulnerability and its consequences is available in the developers' blog.