Log4Shell Update – December 16, 2021

2.16.0 Logj is the latest!

Following further analysis by the security community, earlier information regarding the latest available Apache Log4j version has now been superseded.

Vulnerabilities tracked as CVE-2021-45046 (NVD – CVE-2021-45046 (nist.gov) have been identified in the patch, released as Log4J 2.15.0 and there are early indications that attackers are actively exploiting these against those who have already applied the update; incorrect configurations made it possible for attackers to perform denial-of-service attacks.

Apache version 2.16.0 is now the latest and is believed to address the vulnerability by removing support for message lookup patterns and disabling JNDI functionality by default.

As a customer, if you require support in either locating Log4j files or addressing this vulnerability holistically, please log a ticket with the
Origina Support Desk.

If you’re not a customer yet, please contact us. We are here to help.

JUMP TO:

Customer demand inspires third-party software support and maintenance (TPSM) provider to extent its proven methodology to a wider range of IBM products.

Thanks to their unparalleled stability and reliability, mainframes still power the world’s leading businesses. Learn more about third-party support for IBM Z series mainframes

For the latest technology tips subscribe to our NEWSLETTER- THE UPTIME

Gain insight into industry-only news, access to webinars, tips and tricks, blog posts, podcasts, and guides, surrounding topics like cybersecurity, reducing software support and maintenance costs and much more, all delivered to your inbox each month.

Sign up for the Origina Newsletter

Wait! Don't forget to subscribe to our Newsletter- The Uptime for the latest technology tips!