GitHub

Apache Log4j Tag Library not working on tomcat 10.1.34

I'm trying to port a project using JSP from Tomcat 9 to Tomcat 10.1.34 but "Apache Log4j Tag Library" ("log4j-taglib-2.24.3.jar") is not working anymore.
Bleeping Computer

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
InfoQ

Java News Roundup: NetBeans 17, Multiple Spring and Tomcat Updates, GraalVM Builds for JDK 20

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Senyo Simpson discusses how Rust's core ...
GitHub

Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while ...

Users should refer to Maven, Ivy, Gradle, and SBT Artifacts on the Log4j website for instructions on how to include Log4j into their project using their chosen build tool.
TechRepublic

Open source code for commercial software applications is ubiquitous, but so is the risk

Open source code for commercial software applications is ubiquitous, but so is the risk Your email has been sent It was almost exactly one year ago that experts found ...
InfoQ

Java News Roundup: JDK 19 and Jakarta EE 10 Released, String Templates, Payara Platform

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Microsoft

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm. To learn about how ...
ZDNet

Red Hat Enterprise Linux 8.6: Better security, more options

Do you want a solid Linux distribution that also delivers the latest languages and solid security? Yes? Then consider getting Red Hat Enterprise Linux 8.6. Red Hat announced this new release at the ...
Bleeping Computer

Public interest in Log4Shell fades but attack surface remains

It’s been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is ...
Rochester Institute of Technology

Apache Log4j Mitigation

Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library. Critical systems will be impacted.
Healthcare Dive

Apache tells Senate committee the Log4j vulnerability could take years to resolve

Apache Software Foundation President David Nalley on Tuesday told the Senate Homeland Security & Government Affairs Committee it could take months, or even years, to fully eliminate the Log4j ...