The US Cybersecurity and Infrastructure Security Agency have ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization's ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

The Apache Software Foundation recently announced the General Availability of Log4j 2.0, containing many performance improvements over its predecessor Log4j 1.x. Years in the making, this release ...

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

Log4j, an open source project, allows developers to control which log statements are output with arbitrary granularity. It's fully configurable at runtime by using external configuration files ...

Waratek combines a Log4J Vulnerability Scanner and API security in its Java Security Platform to provide users with the ability to scale strategic risk mitigation in the enterprise.

First detailed in December, the vulnerability (CVE-2021-44228) allows attackers to remotely execute code and gain access to systems that use Log4j, a widely used Java logging library.

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).