Author(s)
In this episode of the Quick Fire Java video series, Rudy De Busscher and Priya Khaira-Hanks discuss Log4j, security processes and prioritization, and how Payara dealt with the vulnerability.
All in a concise 10-minute video!
The Log4j vulnerability, Log4Shell, was disclosed in early December 2021 and the repercussions have been far-reaching.
Rudy explains more about what this actually means and about the wider implications of the incident. He also responds to BreachQuest's Jake Williams for Threatpost, who claimed "being exploited through an internet-facing system running vulnerable log4j at this point is a leadership failure, not a technical one."
Watch the video to find out whether Rudy agrees... 🙂
-
Java Logging: What To Log & What Not To Log?
Logs are a handy tool to spot mistakes and debug code. For engineers and, specifically, in a DevOps environment, the logs are a very valuable tool.
In this article, I am going to guide you through a pragmatic approach to Java logging—what should we log, what shouldn’t we log, and how to implement Java logging properly.
Read More
-
Log4j2 Isn’t Killing Java
Java developers typically choose from several logging systems or facades. Many of these logging frameworks have grown to work together over the years.
Read More
-
Java: Where the Wild Code Isn’t
In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.
Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.
Read More