Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...

Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has already set the internet on fire. Log4j usage is rampant among many software products and multiple ...

Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the ...

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE ...

Facepalm: The Log4J exploits that have been plaguing server administrators for the past week continue as the patch issued to block the intrusions appears to have security flaws of its own. Some ...

Community driven content discussing all aspects of software development from DevOps to design patterns. In case you’ve been hiding under a rock – or perhaps hiding from endless yelping about security ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Many firms are still using vulnerable open-source code, report warns When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Even though it was ...

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...