The latest news! Log4j 2.17.0 has a vulnerability.

This image comes from the Log4j2 website: logging.apache.org/log4j/2.x/

Vulnerability number: CVE-2021-44832

Vulnerability: Log4j2 provides the JDBCAppender to write log information to a database. The appender requires JNDI support, and an attacker can use this to execute arbitrary code.

Severity: medium

Affected versions: 2.17.0 and below (excluding 2.12.4 and 2.3.2)

Fix: Upgrade Log4j2

  • Java 8 or later: upgrade to the latest 2.17.1
  • Java 7: upgrade to 2.12.4
  • Java 6: upgrade to 2.3.2
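
The affected range and upgrade list above can be turned into a quick triage check. This is an added example, not code from the Log4j project or the original post: it classifies a log4j-core version using the scope stated here and lists JDBC appenders that are backed by a JNDI data source. The function names are hypothetical, the sample configuration is constructed, and the `<JDBC>` / `<DataSource jndiName="...">` elements follow Log4j2's XML configuration syntax for the JDBCAppender.

```python
import re
import xml.etree.ElementTree as ET

LAST_AFFECTED = (2, 17, 0)                   # "2.17.0 and below" per the page
FIXED_BACKPORTS = {(2, 12, 4), (2, 3, 2)}    # excluded by the page
FIX_FOR_JAVA = {8: "2.17.1", 7: "2.12.4", 6: "2.3.2"}  # page's upgrade list

# Constructed sample configuration (not taken from the page).
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="stdout"/>
    <JDBC name="dbLog" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
    </JDBC>
  </Appenders>
</Configuration>"""

def parse_version(text):
    """Extract (major, minor, patch) from '2.17.0' or 'log4j-core-2.17.0.jar'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    # Log4j 1.x is outside the page's scope, so only major version 2 counts.
    return v[0] == 2 and v <= LAST_AFFECTED and v not in FIXED_BACKPORTS

def upgrade_target(java_major):
    if java_major < 6:
        raise ValueError("the page lists no fixed release below Java 6")
    return FIX_FOR_JAVA[min(java_major, 8)]

def jndi_jdbc_appenders(config_xml):
    """Return (appender name, jndiName) for JDBC appenders backed by JNDI."""
    hits = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.lower() != "jdbc":
            continue
        for child in el:
            attrs = {k.lower(): v for k, v in child.attrib.items()}
            if child.tag.lower() == "datasource" and "jndiname" in attrs:
                hits.append((el.get("name"), attrs["jndiname"]))
    return hits

def audit(jar_name, java_major, config_xml):
    affected = is_affected(jar_name)
    return {"affected": affected,
            "upgrade_to": upgrade_target(java_major) if affected else None,
            "jndi_jdbc_appenders": jndi_jdbc_appenders(config_xml)}

if __name__ == "__main__":
    print(audit("log4j-core-2.17.0.jar", 8, SAMPLE_CONFIG))
```

An affected version combined with a non-empty appender list marks the deployments to upgrade first.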

This vulnerability is similar to the Logback vulnerability disclosed earlier: the conditions for exploiting it are strict, so the harm is not great. You may soon see a lot of headlines from marketing accounts; I hope you can stay calm, don't panic…
