The Apache Foundation has released an emergency update for a critical zero-day vulnerability in Log4j. This is a widely used logging tool included in almost every Java application. The problem that the update has been issued to address is that a bug in the Log4j library could allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. The update can be found here: https://logging.apache.org/log4j/2.x/security.html
They are always on hand to help, especially outside of normal working hours to help lessen the disruption to our users.
- Ian Walters -