GitHub

DependencyGraphBuilder and log4j-api 2

StaticLinkageChecker does not work with Log4j 2 because it cannot fetch zip file for log4j-api-java9. org.apache.logging.log4j:log4j-api:2.11.1 cannot be resolved by ...
acm.org

Log4j and the Thankless High-Risk Task of Managing Software Component Upgrades

There are many dependency management frameworks for utilizing software components, and the Log4j website has thorough documentation on how to include Log4j with several such as Maven, Ivy, Gradle, and ...
cisomag

Log4j Explained: How It Is Exploited and How to Fix It

Log4j or Log4Shell, a critical vulnerability in the widely used Apache Log4j Library, has raised alarms and security concerns across the tech and info security communities. By Rudra Srinivas, Sr.
GitHub

[IMPORTANT] Log4j CVE-2021-44228 漏洞影响说明

Recently, the mainstream log framework log4j2 was reported with a severe security vulnerability CVE-2021-44228. The following is a summary of the impact of this vulnerability CVE-2021-44228 on ...
CIO Dive

Organizations still downloading vulnerable Log4j versions

Open Source Insights is an experimental service that Google developed and hosts as a means of helping developers gain a better understanding of the structure and security of open source software ...
adtmag.com

Waratek Adds Log4J Scanner and API Security to its Java Security Platform

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...
Dark Reading

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...