There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...
A monthly overview of things you need to know as an architect or aspiring architect.
I've come across a bug where a call to org.apache.log4j.LogManager.getLogger() exhibits apparently unintended side effects on the configuration (particularly log levels) of other loggers that were ...
There are many dependency management frameworks for utilizing software components, and the Log4j website has thorough documentation on how to include Log4j with several such as Maven, Ivy, Gradle, and ...
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...
We wanted a way to test the CVE-2021-44228 / log4shell vulnerability. https://github.com/christophetd/log4shell-vulnerable-app is great, and the docker packaging ...
Almost every large application includes its own logging or tracing API. Experience indicates that logging represents an important component of the development cycle. As such, logging offers several ...
Open Source Insights is an experimental service that Google developed and hosts as a means of helping developers gain a better understanding of the structure and security of open source software ...
As mentioned in an earlier blog post, the Log4j vulnerability poses new risks to APIs. APIs are both a new attack vector for this exploit and a means by which attackers can extend their reach. We also ...
Recently, the popular Vietnamese crypto trading platform ONUS sustained a large-scale cyberattack after threat actors exploited its payment system running on a vulnerable Log4j version. ONUS provides ...