Source: thenewstack.io
Log4Shell: We Are in So Much Trouble
The open source Java logging library https://logging.apache.org/log4j/ is used a lot. And, when I say a lot, I mean it’s used in hundreds of applications.
You see, Bressers continued, “When working within Java, dependencies are cataloged as Java archive files, typically called JAR files.
A JAR file can contain JAR files, and those also contain JAR files.
Once called, these execute the user-defined remote Java class in the local log4j server and then Bad Things Happen.
You see, Bressers continued, “When working within Java, dependencies are cataloged as Java archive files, typically called JAR files.
A JAR file can contain JAR files, and those also contain JAR files.
Once called, these execute the user-defined remote Java class in the local log4j server and then Bad Things Happen.
Related Articles
Community Partners
DevOps Careers