InfoQ

Apache Log4j 2.0 - Worth the Upgrade?

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Computer Weekly

Almost half of Log4j downloads still dangerously exposed

A month after the disclosure of CVE-2021-44228, aka Log4Shell, a critical vulnerability in the Apache Log4j Java package, up to 40% of new downloads are still at risk of compromise despite the ...
Computing

Third Log4j vulnerability uncovered, Apache releases version 2.17.0

The Apache Software Foundation (ASF) has rolled out another update - version 2.17.0 - for its Java-based open-source logging library Log4j to address a third security vulnerability discovered in the ...
CSOonline

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded. The Apache Log4j vulnerability has ...
GitHub

Apache Log4j Tag Library not working on tomcat 10.1.34

I'm trying to port a project using JSP from Tomcat 9 to Tomcat 10.1.34 but "Apache Log4j Tag Library" ("log4j-taglib-2.24.3.jar") is not working anymore.
Threat Post

Third Log4J Bug Can Trigger DoS; Apache Issues Patch

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No, you’re not seeing triple: On Friday ...