ATIX AG has confirmed that orcharhino 5.10 and the upcoming orcharhino 5.11 release are not affected by the log4j vulnerability. Neither orcharhino Server, orcharhino Proxy, nor any plugins provided by ATIX are affected by the remote code execution vulnerability. On December 9th 2021, a critical security vulnerability, CVE-2021-44228, in Apache Log4j with a CVSS severity level of 10 out of 10 was reported. It is […]| orcharhino
This security advisory provides customers with an update on how PactFlow services are affected by the Apache Log4j vulnerability (CVE-2021-44228). This vulnerability has been referred to as Log4Shell by some outlets.| PactFlow Documentation Blog
This post describes how to mitigate against CVE-2021-44228: In Apache Log4j2 2.0-beta9 through 2.14.1, the JNDI features used in configurations, log messages, and parameters do not protect against an attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers […]| Gary Gregory
You can load and unload a specific Log4j 2 configuration file for a given EJB. How? Use @PreDestroy and @PostConstruct. This gives you separately deployable EJBs with separate Log4j configurations. Ka-Pow! For example: Happy Coding, Gary Gregory| Gary Gregory
Apache Log4j 2.7 is heading out to Maven Central. Here are the highlights of what’s new since 2.6.2. The RoutingAppender can be configured with scripts. A new Appender, the ScriptApp…| Gary Gregory
Log4Shell, formally known as CVE-2021-44228, seems to be the next big vulnerability that affects a huge number of systems, and the affected component, Log4j, gets involved in logging untrusted data by design. This results in lots of vulnerable hosts that are hidden in the sense that naive testing won’t find them, as it’s not trivial to know which part of a complex parsing path (potentially involving multiple systems) is vulnerable. We built and released our new open source tool to find thes...| Silent Signal Techblog