Page History

According to this article, and this blog post, if the server has Java runtimes later than 8u121, then it is protected against remote code execution.According to this blog post, JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to false meaning JNDI cannot load remote code using LDAP.