As a maintainer of the free and open source software project Apache Commons, I review pull requests on GitHub. Since the libraries we produce in components like Commons Lang, Commons IO, and Commons VFS are used directly and transitively in countless applications, open and closed source alike, we want to be careful when releasing new […]| Gary Gregory
Some say, CVE-2022-42889 is the new Log4Shell, for which we developed our own tool to enumerate affected hosts back in 2021. Others like Rapid7 argue that it may not be as easy to exploit like Log4Shell. Regardless of the severity and exploitability of this vulnerability, we quickly morphed a clone of our Log4Shell plugin into an open source tool that can detect this vulnerability reasonably well.| Silent Signal Techblog