In my day-to-day job I seem to see a never-ending list of 'critical vulnerabilities' almost on a daily basis, but this one I thought I should mention so you can check, as it has the potential to be quite bad if you get hit by it!
It's due to a vulnerability in the Java-based Log4j package. What the hell is Log4j and why would I care? Let me address each one of those very valid questions.
What is Log4j?
Log4j is a reliable, fast and flexible logging framework (APIs) written in Java, which is distributed under the Apache Software License and is often bundled/embedded with third-party software.
It has 3 main components:
- loggers - which are used to capture logging information
- appenders - which are used to publish logging information
- layouts - which are used to format logging information
- Started back in 1996 as a tracing API for the E.U. SEMPER (Secure Electronic Marketplace for Europe) project
- It went through many enhancements and versions which eventually evolved into the Log4j logging package
- It's distributed under the Apache Software License which is an open source license