Skip to main content

Log4j vulnerability resources to find and fix Log4Shell

Latest: Dec 28, Log4j version 2.17 vulnerable to DoS attack (CVE-2021-44832), upgrade to the latest Log4j version 2.17.1.

By now, you already know of — and are probably in the midst of remediating — the vulnerability that has come to be known as Log4Shell and identified as CVE-2021-44228 and CVE-2021-45046. This is the vulnerability which security researchers disclosed on Friday (10 December 2021) for Apache’s Log4j logging framework.

Cheatsheet

Log4Shell remediation cheat sheet

Read more

Github Awesome List

Log4Shell resources to stay informed and secure

View on Github

Snyk Learn

Log4Shell vulnerability lesson

Start learning

Secure your Java apps

Find and fix Log4Shell for free in a few clicks with Snyk

Get started

Resources

wordpress-sync/feature-log4j-purple
Blog

FTC highlights the importance of securing Log4j and software supply chain

Read more
wordpress-sync/feature-log4j-purple
Blog

Log4Shell webinar: What you need to know

Read more
wordpress-sync/feature-log4j-purple
Blog

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it’s not as bad as it sounds)

Read more
wordpress-sync/feature-log4j-blue

Webinar

Stranger Danger: Log4Shell Live Hack

Watch now
wordpress-sync/feature-log4j-purple
Blog

Snyk makes it easier to fix Log4Shell with extended free scans

Read more
wordpress-sync/feature-log4j-blue

Twitter Spaces

All About Software Security Issues and Log4Shell

Listen now
wordpress-sync/feature-log4j-purple
Blog

Log4j 2.16 High Severity Vulnerability (CVE – CVE-2021-45105) Discovered

Read more
wordpress-sync/feature-log4j-purple
Blog

Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution

Read more
wordpress-sync/feature-log4j-blue
Video

How do we solve a problem like Log4shell? A java champion’s take

Watch video
wordpress-sync/feature-log4j-purple
Blog

Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI

Read more
wordpress-sync/feature-log4j-purple
Blog

Security in context: When is a CVE not a CVE?

Read more
wordpress-sync/feature-log4j-blue
Video

Log4Shell Vulnerability: What You Need to Know (APJ)

Watch video
wordpress-sync/feature-log4j-blue
Video

What has the Log4shell vulnerability taught us about application security?

Watch video
wordpress-sync/feature-log4j-purple
Blog

Log4Shell in a nutshell (for non-developers & non-Java developers)

Read more
wordpress-sync/feature-log4j-blue
Video

Log4Shell Vulnerability: What You Need to Know

Watch video
wordpress-sync/feature-log4j-blue
Video

Fireside Chat: Log4j and Injection Flaws

Watch video
wordpress-sync/feature-log4j-blue
Video

Don’t panic, we’ll get through Log4shell together

Watch video
wordpress-sync/feature-log4j-purple
Blog

Find and fix Log4j vulnerability quickly with Snyk

Read more
wordpress-sync/feature-log4j-purple
Blog

The Log4j vulnerability and its impact on software supply chain security

Read more
wordpress-sync/feature-log4j-purple
Blog

Prevent Log4Shell RCE by updating to version 2.17.1

Read more

Stop Log4Shell with Snyk

無料登録