全球知名开源日志组件Apache Log4j被曝存在严重高危险级别远程代码执行漏洞，攻击者可以利用该漏洞远程执行恶意代码。据阿里云通报，由Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。 该漏洞于12月7日由游戏平台 ...

Apache Log4j 日志库中发现了另一个严重的远程代码执行漏洞，现在被跟踪为 CVE-2021-44832。这是 Log4j 库中的第三个 RCE 和第四个漏洞，其次分别是 CVE-2021-44228 (RCE)、CVE-2021-45046 (RCE) 和 CVE-2021-45105 (DoS 攻击)。 目前，Apache 团队已发布新的 Log4j 版本以修复新发现的这一 ...

上周五，谷歌开源洞察团队在官方安全博客上发表了一篇文章，详细介绍了 Apache Log4j 漏洞对行业造成的广泛影响。 James Wetter 和 Nicky Ringland 指出，超过 35000 个 Java 包、占总数 8% 以上的 Maven 中央存储库，尤其让我们对其留下的隐患感到担忧。 据悉，这些漏洞 ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw. A ...

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...