Simple fix for #log4jRCE #log4jshell issue if you are using Java 8 or lower version.

Create a file called http://JndiLookup.java :
package org.apache.logging.log4j.core.lookup;

import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.plugins.Plugin;

@Plugin(name = "jndi", category = "Lookup")
public class JndiLookup implements StrLookup {
@Override
public String lookup(final String key) { return key; }

@Override
public String lookup(final LogEvent event, final String key) { return key; }
}
Compile the class using log4j2 core jar. 2.0 is what I used. You can find this in http://search.maven.org  or other repos:

javac -cp log4j-core-2.0.jar -d target http://JndiLookup.java 
Create a jar file with the modified class:

jar cvf log4j-fix.jar -C target org/
Copy the jar file to JVM JRE 'lib/ext' directory:

sudo cp log4j-fix.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
Restart your Java application(s). JNDI lookups will be ignored and the jndi string will be logged as-is.
Will not work for Java > 8, since ext mechanism was removed
You can follow @seshupasam.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more