Significant security vulnerability discovered in Log4j

Steven Smith steve.t.smith at
Wed Dec 15 00:43:18 UTC 2021

Also please see <>

> On Dec 14, 2021, at 6:47 PM, Nils Breunese <nils at> wrote:
> A couple of hours ago <> was made public, which states that the previous mitigations of upgrading to Log4J 2.15.0 or setting system/environment properties is longer enough. The recommended solution is upgrading to Log4J 2.16.0. If that is not possible, it is recommended to at least remove the JndiLookup class from the log4j-core JAR (e.g. zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3898 bytes
Desc: not available
URL: <>

More information about the macports-dev mailing list