Attacks on vulnerabilities in TP-Link Archer, #Apache #Log4j2 and Oracle Weblogic | Security https://www.heise.de/news/Angriffe-auf-Luecken-in-TP-Link-Archer-Apache-Log4j2-und-Oracle-Weblogic-8984237.html #Patchday
RT @grobmeier@twitter.com
#Log4j 2 in version 2.17.1 is probably the most reviewed logging library ever. When you are concerned about software security, use the most recent version of #Log4j2. Big team. Many reviewers. Stay safe (and sorry for the issue before) #java
🐦🔗: https://twitter.com/grobmeier/status/1488246484525064199
I have no hot takes about the recent log4j2 vulnerability.
It just was a lot of work to update all the container images involved in a microservices architecture.
This is one aspect of microservices that I never really considered before this happened.
Meanwhile, maintainers of monolithic Java applications and those that used the OS dependency didn't have as much work to do.
About the log4j vulnerability https://ezoeryou.github.io/blog/article/2021-12-10-log4j.html So far this is the easiest explanation to understand in Japanese. #Log4Shell #log4j #log4j2
A 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string.
* the impact of the exploit (full server control)
* JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are safe
* 2.0 <= Apache log4j <= 2.14.1 are in trouble
#log4j2 #java #day2 #p0rz9 #apache #rce #jndi #update
https://www.lunasec.io/docs/blog/log4j-zero-day/