IEEE

Do Developers Depend on Deprecated Library Versions? A Mining Study of Log4j

Abstract: Log4j has become a widely adopted logging library for Java programs due to its long history and high reliability. Its widespread use is notable not only because of its maturity but also due ...
搜狐

Apache Log4j曝漏洞,攻击者可拦截敏感日志数据

Apache日志服务团队近日披露了Log4j Core中的一个严重安全漏洞,该漏洞使应用程序面临日志数据被拦截的风险。 漏洞技术细节 该漏洞存在于Socket Appender组件中,影响2.0-beta9至2.25.2版本,为恶意攻击者创建了中间人攻击途径。 受影响版本的Log4j中,Socket Appender组件 ...