Log4j mitigation

Jared Mauch jared at puck.nether.net
Mon Dec 13 19:32:19 UTC 2021



> On Dec 13, 2021, at 2:24 PM, Owen DeLong <owen at delong.com> wrote:
> 
> The bigger problem seems to be the ever growing list of products you may be using which depend on it potentially without your knowledge.

This isn’t a new problem.

This is a great modern example showing how deeply embedded things could be, and they get worse with each of these nesting technologies as well: it may be embedded in a Docker or VM image, the class could be in some other JAR or zip you are not aware of, or it could come back with an overlapping class definition based on the order things get loaded.

The same was always true with shared libraries and too-generic function names.

It’s such a blast from the past as I had felt we had moved past many of these interpreted environment or parser things by properly encoding strings with a function.

I’m really amazed at how widespread this is and what enterprise applications have had to get patched due to them embedding this software.

- jared
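The nesting problem Jared describes above, as an added example that is not part of the original post: a recursive inventory that walks zip-based archives (JAR/WAR/EAR, and archives inside them) and reports every embedded log4j-core with its nesting chain and Maven version, so duplicate copies that compete at class-load time become visible. The JndiLookup class path and the Maven pom.properties location are the real ones in log4j-core; the sample archive is constructed in memory.

```python
import io
import zipfile

# Class that carries the JNDI lookup in log4j-core (real path); its presence is
# the signal, the version comes from the Maven metadata shipped beside it.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data: bytes, chain=()):
    """Walk nested zip-based archives and report every embedded log4j-core as
    (nesting chain, version from pom.properties or None)."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    names = set(zf.namelist())
    if JNDI_CLASS in names:
        version = None
        for name in names:
            if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
        findings.append(("/".join(chain) or "<root>", version))
    # Recurse into every nested archive: shaded jars, lib/ directories, layers.
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            findings.extend(scan_archive(zf.read(name), chain + (name,)))
    return findings

def _zip_bytes(entries):
    """Build an in-memory zip from {name: bytes} (constructs sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def _core(version):
    """Constructed log4j-core jar: the JNDI class plus Maven version metadata."""
    pom = ("version=%s\n" % version).encode()
    return _zip_bytes({JNDI_CLASS: b"\xca\xfe\xba\xbe", POM_PREFIX + "pom.properties": pom})

def build_sample():
    """Constructed sample: an app jar shading one log4j-core plus a second copy
    in lib/, so two definitions of the same class compete at load time."""
    app = _zip_bytes({"BOOT-INF/lib/log4j-core-2.14.1.jar": _core("2.14.1")})
    return _zip_bytes({"app.jar": app, "lib/log4j-core-2.17.0.jar": _core("2.17.0")})
```

Running `scan_archive` over a real deployment means feeding it each archive on disk (or each extracted image layer); two findings with different versions is exactly the load-order collision the post warns about.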

