The log4j library has been in the news recently, and it’s not the good kind of news either. While the details of the vulnerability have been very well documented by others, the short version is that it allows arbitrary code execution through maliciously crafted messages. These messages cause the Java virtual machine to look up classes from an LDAP server (yes, really!) and load them. This is obviously no good, but unless you’re familiar with Java, you might be concerned about what is and isn’t vulnerable; this article aims to clarify that.

But wait, who?

log4j is a library developed by the Apache Software Foundation. They…
The post No, Apache Isn’t Vulnerable to the log4j Vulnerability appeared first on Seiden Group.