Browsing Tag
Log4Shell
2 posts
Log4j New Year Wrap-Up
One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
January 7, 2022 01:15 GMT
Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.
December 14, 2021 19:39 GMT