FTC highlights the importance of securing Log4j and software supply chain
Log4j vulnerability resources to find and fix Log4Shell
Latest: Dec 28, Log4j version 2.17 vulnerable to DoS attack (CVE-2021-44832), upgrade to the latest Log4j version 2.17.1.
By now, you already know of — and are probably in the midst of remediating — the vulnerability that has come to be known as Log4Shell and identified as CVE-2021-44228 and CVE-2021-45046. This is the vulnerability which security researchers disclosed on Friday (10 December 2021) for Apache’s Log4j logging framework.
Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution