SON_logo_horiz_main_

This Log4j vulnerability (CVE-2021-44228) has already become a “flashbulb memory” event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem — in fact, we’ve seen it downloaded 84 million times from the Central Repository in just the last 4 months.

Organizations need to be aware of Log4j not only in the software they produce, but also in the software they use. Any software written in Java is very likely to contain Log4j somewhere in its stack, including embedded devices.

Join our Java and Apache Software Foundation experts, Brian Fox, CTO at Sonatype , Ilkka Turunen, Field CTO at Sonatype, and Steve Poole, Developer Advocate at Sonatype as they discuss:

  • What exactly the Log4j Exploit is
  • How to determine if you’re affected
  • Why the only path forward is a patch and what that patch looks like
  • How to protect yourself against similar 0-day open source vulnerabilities in the future
Headshot_Hexagon_BrianFox@2x
Brian Fox
CTO
Headshot_Hexagon_Ilkka_Turunen@2x-1
Ilkka Turunen
Field CTO
Steve_Pool_Hexagon_Yellow@2x
Steve Poole
Developer Advocate

 

 

Sonatype Envelope

Ready to Try Sonatype?

Secure and automate your software supply chain.