这几天，Apache Log4j 2 绝对是众多 Java 程序员提到的高频词之一：由于 Apache Log4j 2 引发的严重安全漏洞，令一大批安全人员深夜修 Bug、打补丁。此次漏洞更是因为其触发简单、攻击难度低、影响人群广泛等特点，被许多媒体形容为“核弹级”漏洞。 据彭博社本 ...

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...

Security experts are now urging organizations to quickly update to a new version of the Log4j logging framework that the Apache Foundation released Tuesday because its original fix for a critical ...

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited ...