The Log4j vulnerability (CVE-2021-44228) has already become a “flashbulb memory” event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem — in fact, we’ve seen it downloaded 84 million times from the Central Repository in just the last 4 months.
Organizations need to be aware of Log4j not only in the software they produce, but also in the software they use. Any software written in Java is very likely to contain Log4j somewhere in its stack, including embedded devices.
Hear from our Java and Apache Software Foundation experts, Brian Fox, CTO at Sonatype , Ilkka Turunen, Field CTO at Sonatype, and Steve Poole, Developer Advocate at Sonatype as they discuss:
- What exactly the Log4j Exploit is
- How to determine if you’re affected
- Why the only path forward is a patch and what that patch looks like
- How to protect yourself against similar 0-day open source vulnerabilities in the future
