JFrog’s Best DevSecOps Blogs of 2021

Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected in the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …

Log4j vulnerabilities detected in Maven Central packages

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges …

Log4Shell Vulnerability Explained

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Update 12/28/2021 Added: Impact analysis of CVE-2021-44832
Update 12/27/2021 Expanded: Exploiting Log4j2 2.15.0 for remote code execution – new bypass method
Update 12/27/2021 Expanded: LOG4J_FORMAT_MSG_NO_LOOKUPS mitigation bypass – more vulnerable configurations
Update 12/27/2021 Added: Log4Shell Timeline
Update 12/19/2021 Added: Impact analysis of CVE-2021-45105
Update 12/17/2021 Added: Exploiting Log4j2 2.15.0 for remote code execution (using new mitigation …