自去年年底 Log4Shell 漏洞的爆出，很多人及企业将其标记为过去十年以来最严重的漏洞之一，而如今，它的影响还在继续。 从质疑到弃用 不过，即使如此，也并没有让人或者自动化安全工具“放心”。在不少开发者使用过程中，很多自动化安全工具仍然直接将 ...

全球知名开源日志组件Apache Log4j被曝存在严重高危险级别远程代码执行漏洞，攻击者可以利用该漏洞远程执行恶意代码。据阿里云通报，由Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。 该漏洞于12月7日由游戏平台 ...

雷锋网消息：昨日夜间，Apache Log4j2引发严重安全漏洞，疑似很多公司的服务器被扫描攻击，一大批安全人员深夜修bug，堪称“核弹级”漏洞。 经专家研判，该漏洞影响范围极大，且利用方式十分简单，攻击者仅需向目标输入一段代码，不需要用户执行任何多余 ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...

CISA created a landing page for all Log4j vulnerability content and is providing insight alongside the Joint Cyber Defense Collaborative that includes multiple cybersecurity companies. CISA added the ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

Almost every large application includes its own logging or tracing API. Experience indicates that logging represents an important component of the development cycle. As such, logging offers several ...

Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.