I've come across a bug where a call to org.apache.log4j.LogManager.getLogger() exhibits apparently unintended side effects on the configuration (particularly log levels) of other loggers that were ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

It was a shock to all in cybersecurity as Java and the Log4j open-source logging library are prevalent, commonly used across software applications and online services. The issue quickly came to the ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...

There are many dependency management frameworks for utilizing software components, and the Log4j website has thorough documentation on how to include Log4j with several such as Maven, Ivy, Gradle, and ...

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...

You’ve likely heard about the log4j cybersecurity vulnerability. Chances are, however, that you’ve mostly heard how this primarily affects public-facing internet systems. Some of the higher profile ...

Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities ...

Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future. Earlier this month, security researchers uncovered a ...

You've probably already read a ton of solid technical analysis about the Log4j vulnerability. But that's not this post. Instead, this post is meant to provide some perspective from decades spent in ...