Log4Shell Update – December 16, 2021

2.16.0 Logj is the latest!

Following further analysis by the security community, earlier information regarding the latest available Apache Log4j version has now been superseded.

Vulnerabilities tracked as CVE-2021-45046 (NVD – CVE-2021-45046 (nist.gov) have been identified in the patch, released as Log4J 2.15.0 and there are early indications that attackers are actively exploiting these against those who have already applied the update; incorrect configurations made it possible for attackers to perform denial-of-service attacks.

Apache version 2.16.0 is now the latest and is believed to address the vulnerability by removing support for message lookup patterns and disabling JNDI functionality by default.

As a customer, if you require support in either locating Log4j files or addressing this vulnerability holistically, please log a ticket with the
Origina Support Desk.

If you’re not a customer yet, please contact us. We are here to help.

FOR THE LATEST TECHNOLOGY TIPS SUBSCRIBE TO OUR NEWSLETTER - THE UPTIME

Gain insight into industry-only news, access to webinars, tips and tricks, blog posts, podcasts, and guides, surrounding topics like cybersecurity, reducing software support and maintenance costs and much more, all delivered to your inbox each month.

LEARN MORE