翻翻去年此时的朋友圈，相信不少 Java 程序员又能回想起，去年被 Log4j 漏洞支配的一周：有边吃饭边修 Bug 的、有夜里熬夜打补丁的、还有周末一通电话就被抓去加班的… 当时，知名网络安全解决方案提供商 Check Point 曾预测，由于 Log4j 应用范围甚广，该漏洞很 ...

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...

IT之家 12 月 13 日消息，最近的 Log4j 漏洞想必大家都知道了，11 月 9 日晚，开源项目 Apache Log4j 2 的一个远程代码执行漏洞的利用细节被公开，随后该漏洞被迅速公开。 《我的世界》Java 版成为受其危害严重的游戏之一，该漏洞允许恶意方通过将消息粘贴到游戏内 ...

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...

Industrial networks are among those that are vulnerable to the recently disclosed zero-day in the Log4j2 Java logging library, security researchers have warned. The vulnerability (CVE-2021-44228) was ...

Update (December 14 ,2021): We’ve updated this article with information about the new Log4j version release, along with new exploit vectors, and risks related to all Java versions. While you were ...

A WARNING has been issued for those who use the Log4J logging library that a spreading botnet could open up "a whole new pool of potential victims." The warning was issued by Cybersecurity blog ...

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade ...