TLDR: I provide here resources with suggestions of what to do about the log4jshell vulnerability, while we await an update from Adobe. And I share the current JVM arg being proposed as “the solution” to mitigate the vuln (-Dlog4j2.formatMsgNoLookups=true). Finally, I offer a bit of opinion on how things have gone so far.

Updated since original post: Within hours of my posting this, Adobe released an information page with more on the currently available responses (as yet, still no update).

It’s very likely you have been hearing for days about the vulnerability in the log4j Java library, which has been discussed widely in IT circles since late Thursday Nov 10. The general theme is that since log4j underlies nearly all Java applications, this is tantamount to a worldwide IT pandemic.

And you have also likely heard that since CF runs on Java, and includes log4j, we who use ColdFusion must be concerned and your stakeholders may be demanding that you “take action”. Most important, you may lament that you’ve heard very little (to now) from Adobe on their response to this situation.