latest
Log4j 2.17.1 now available with more Log4Shell vulnerability fixes
The Apache Foundation is roling out the fourth Log4j update in a month, which fixes more potential security vulnerabilities.
Earlier this month, a security vulnerability discovered in the popular Java-based logging package "Log4j" became a massive problem for countless companies and tech products. Minecraft, Steam, Apple iCloud, and other applications and services had to rush updates with a patched version, but Log4j's problems haven't been completely fixed yet. Now yet another update is rolling out, which aims to fix another potential security issue.
Dangerous "Log4j" security vulnerability affects everything from Apple to Minecraft
A dangerous security vulnerability identified in the Log4j Java logging library has exposed huge swathes of the internet to malicious actors.
Zero-day exploits are about as bad as it gets, especially when they're identified in software as ubiquitous as Apache's Log4j logging library. A proof-of-concept exploit was shared online that exposes everyone to potential remote code execution (RCE) attacks, and it affected some of the largest services on the web. The exploit has been identified as "actively being exploited", and is one of the most dangerous exploits to be made public in recent years.