Apache Log4j 日志库中发现了另一个严重的远程代码执行漏洞，现在被跟踪为 CVE-2021-44832。这是 Log4j 库中的第三个 RCE 和第四个漏洞，其次分别是 CVE-2021-44228 (RCE)、CVE-2021-45046 (RCE) 和 CVE-2021-45105 (DoS 攻击)。 目前，Apache 团队已发布新的 Log4j 版本以修复新发现的这一 ...

这几天，Apache Log4j 2 绝对是众多 Java 程序员提到的高频词之一：由于 Apache Log4j 2 引发的严重安全漏洞，令一大批安全人员深夜修 Bug、打补丁。此次漏洞更是因为其触发简单、攻击难度低、影响人群广泛等特点，被许多媒体形容为“核弹级”漏洞。 据彭博社本 ...

Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library. Critical systems will be impacted.

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

A serious code execution vulnerability in Log4j has security experts warning of potentially catastrophic consequences for enterprise organizations and web apps. A serious code execution vulnerability ...

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...

The Apache Software Foundation (ASF) has rolled out another update - version 2.17.0 - for its Java-based open-source logging library Log4j to address a third security vulnerability discovered in the ...

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike ...

Alibaba Group Holding’s cloud computing services unit, which was disciplined by China’s internet security regulator for failing to report a critical software vulnerability in a timely manner, said the ...

The vulnerability allows remote code execution on servers, including those operated by Apple, Twitter, Valve, Tencent, and other major service providers. I've been writing about tech, including ...