The Apache Software Foundation recently announced the General Availability of Log4j 2.0, containing many performance improvements over its predecessor Log4j 1.x. Years in the making, this release ...

Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library. Critical systems will be impacted.

The Apache Software Foundation published a new Log4j patch late on Friday after discovering issues with 2.16.

A critical vulnerability has been discovered in Apache Log4j 2, an open source Java package used to enable logging in many popular applications, and it can be exploited to enable remote code ...

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...

Apache can’t seem to catch a break with Java-based logging utility Log4j, as a third major vulnerability has now been discovered. On Friday, the Apache Software Foundation (ASF) published an ...

Keep reading. Ditch Log4j 2.15: DNS exfiltration & RCE possible Log4j 2.15.0 might contain even more severe vulnerabilities than the ones discovered so far, which is why 2.16.0 is by far a safer bet.

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).