全球知名开源日志组件Apache Log4j被曝存在严重高危险级别远程代码执行漏洞，攻击者可以利用该漏洞远程执行恶意代码。据阿里云通报，由Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。 该漏洞于12月7日由游戏平台 ...

史诗级的漏洞CVE-2021-44228爆发以来，各安全厂商提供了各种漏洞检测工具，也提供了各种漏洞修复方案。但是在修复过程中遇到无尽的坑，比如更新版本需要重启服务也不见得那么方便，改代码需要一定周期，临时修复方法错误(系统环境变量未生效)，Log4j 2.0-2.10 ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Almost every large application includes its own logging or tracing API. Experience indicates that logging represents an important component of the development cycle. As such, logging offers several ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...

Yahoo Finance's Dan Howley breaks down what Log4j is all about and how it can impact internet security. -Well, if you have used Apple's cloud service or played Minecraft, chances are you've ...