Orthogonality is a concept often used to describe modular and maintainable software, but it’s more easily understood by way of a case study. In this article, Jens Dietrich demystifies orthogonality ...

Understand the Log4j2 vulnerability and learn how you can tell (and what you should do) if your Gradle or Maven applications are exposed.

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...

After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they ...

Santiago Torres-Arias does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations ...

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited ...

Apache can’t seem to catch a break with Java-based logging utility Log4j, as a third major vulnerability has now been discovered. On Friday, the Apache Software Foundation (ASF) published an ...

Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong.

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit If you've patched using Log4J 2.15.0, it's time to consider updating again. Stat.

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...