GIGAZINE

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have ...

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...
GIGAZINE

A cheat sheet that summarizes how to deal with the Java / Log4j library vulnerability ...

Royce Williams, who works for cyber security company Alaskan Cyber Watch, has released a cheat sheet about the zero-day vulnerability 'Log4Shell ' discovered in Java's log output library Log4j. The ...
The Verge

Log4j is patched, but the exploits are just getting started

Peter Membrey, chief architect of ExpressVPN, remembers vividly seeing the news of the Log4j vulnerability break online. “As soon as I saw how you could exploit it, it was horrifying,” says Membrey.
InfoWorld

Write custom appenders for log4j

statements, however. The logging system can add contextual information—filename, line number, and date, for example—to the message automatically. You can redirect the messages to different ...
Dark Reading

The Log4j Flaw Will Take Years to Be Fully Addressed

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw. A ...
CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...