Dendrobatus AzureusFeb 27

LLM slop bug reports in log4J2

This thing now needs to be fixed on the highest level possible
Wasting programmers time is what the LLMs are doing

https://github.com/apache/logging-log4j2/discussions/4052

#log4J2 #LLM #AI #generated #Slop #bug #bounty #reports #technology #OpenSource

Sage 🇵🇸 🇸🇩 🇻🇪 🇺🇦 🇨🇺 🇵🇷 🍉Oct 9

"Open Source" is Broken:
https://xeiaso.net/blog/open-source-broken-2021-12-11/

#opensource
#opensourceisbroken
#log4j2
#corejs

"Open Source" is Broken

Xe Iaso's personal website.

securityaffairsJun 1, 2024
Critical #Apache #Log4j2 flaw still threatens global #finance
https://securityaffairs.com/163984/hacking/critical-apache-log4j2-flaw-still-threatens-global-finance.html
#securityaffairs #hacking
Critical Apache Log4j2 flaw still threatens global finance - Security Affairs

The flaw CVE-2021-44832 is Apache Log4j2 library is still a serious problem for multiple industries, experts warn it threatens global Finance.

Security Affairs
Christian GrobmeierDec 18, 2023

I started working for @log4j in 2009 and made its last 1.2 series release. Since then, a lot has changed, but the community is still alive and growing. Proud of that!

https://logging.apache.org/blog/2023/12/18/20-years-of-innovation.html

#opensource #java #log4j #log4j2

Apache Logging Services

Marcel SIneM(S)USMay 7, 2023
Angriffe auf Lücken in TP-Link Archer, #Apache #Log4j2 und Oracle Weblogic | Security https://www.heise.de/news/Angriffe-auf-Luecken-in-TP-Link-Archer-Apache-Log4j2-und-Oracle-Weblogic-8984237.html #Patchday
Angriffe auf Lücken in TP-Link Archer, Apache Log4j2 und Oracle Weblogic

Angreifer nutzen Sicherheitslücken in TP-Link Archer, Apache Log4j2 und Oracle Weblogic aus, um Zugriff auf Netzwerke von Opfern zu erlangen.

heise online
Petre PopescuApr 18, 2023
🔥Want to impress your colleagues with your Log4j2 skills? 💻Ready to learn something new? Check out my article on how to make a custom message converter in Log4j2! #log4j2 #java #programming #coding
https://petrepopescu.tech/2021/03/how-to-make-a-custom-message-converter-for-log4j2/
orangeDec 16, 2021

[#LOG4J2-3211] Remove support for Lookups in messages - ASF JIRA https://issues.apache.org/jira/plugins/servlet/mobile#issue/LOG4J2-3211
https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=2797204

なんでそんなバッサリ削除できるような不要な機能つけたのか?><;

ASF JIRA

Show threadjoschiDec 14, 2021
It's a magnitude less severe than CVE-2021-44228 in #log4j #log4j2 #Log4Shell which was exploitable in the default configuration up until Log4j 2.15.0.
もちゃ(あと-9.80Kg)Dec 14, 2021

Yoshi Yamaguchi(twitter.com@ymotongpoo)さんがツイートしました:

Google Cybersecurity Actionチームによるlog4j2の脆弱性(CVE-2021-44228)の概要と取るべき対応、およびGoogle Cloudで行った対応とユーザーで行うべき確認についてのまとめ記事です。広く共有いただくためRTいただけると幸いです。 #gcpug #gcpja #log4j2

https://t.co/r7pB5yhiQM
https://twitter.com/ymotongpoo/status/1470563793730412544?s=20

Google Cloud recommendations for Apache Log4j 2 vulnerability | Google Cloud Blog

Google Cloud recommendations for investigating and responding to Apache Log4j 2 vulnerability (CVE-2021-44228)

Google Cloud Blog
DietPiDec 14, 2021

SECURITY notice: Learn whether an application on your #DietPi system is affected by the #log4j2 security vulnerability CVE-2021-44228, and in case how to mitigate: https://dietpi.com/blog/?p=1172

#Security #Java #OpenSource #infosec

🐦🔗: https://nitter.net/dietpi_/status/1470545169531514888

Pleroma