log4j-core-test/src/test/java/org/apache/logging/log4j/core/EventParameterMemoryLeakTest.java EventParameterMemoryLeakTest.java appender/rolling log4j-core-test/src ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

The beam-vendor-calcite-1_28_0 contains a bunch of shaded dependencies with major security vulnerabilities. For example, log4j:1.2.17 and protobuf-java:3.19.2. Are there any plans to upgrade the ...

SolarWinds and Log4j have made software supply chain security issues a topic of intense interest and scrutiny for businesses and governments alike. SolarWinds was a terrifying example of what can go ...

WASHINGTON, DC - NOVEMBER 16: Department of Homeland Security Secretary Alejandro Mayorkas testifies during a Senate Judiciary Committee hearing in Washington, DC. (Photo by Drew Angerer/Getty Images) ...

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j. Log4j made waves in recent months as the vulnerability in the popular open-source logging ...

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used ...

A technically advanced hacking group backed by the Chinese government has compromised the computer systems of at least six US state governments, according to a newly published threat report from ...

While the worst of Log4Shell may be behind us and much work remains, let's say "Well done" to the security engineers and managers who labored in the trenches in recent weeks. But if you thought the ...