RCE 0-day exploit found in log4j, a popular Java logging package

This page summarizes the projects mentioned and recommended in the original post on /r/programming
Java Logging coq Web Frameworks proof-assistant

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Apache Log4j 2

    Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

    • See https://github.com/apache/logging-log4j2/pull/597/files (which was recently merged). Also the error this PR is fixing is so incredibly amateurish that it's hard to to feel disgust.

  • ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

    • This has been known for a zillion years and has caused a zillion CBEs, so at this point there are off-the-shelf tools like ysoserial that take your payload and wrap it into an object that kabooms when deserialized, with like 20 different choices of methods depending on what dangerous objects are available on the target's classpath for deserialization.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • coq

    Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs.

    • Regarding something constructive, Cubical Type Theory is far more advanced than required for all software development humanity has ever attempted. Using Coq works for industry level tasks just fine, even without https://github.com/coq/coq/issues/13544.

  • Log4jPatcher

    A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

    • The folks over at CreeperHost have created a Java agent that patches log4j2, for people who can't update it for whatever reason. https://github.com/CreeperHost/Log4jPatcher

  • Doubly-Linked-List-VST

    Discontinued The final project for CS2603 (2021 Spring), aiming to verify a doubly linked list library using VST. Collaborating with @karzexcc

  • Log4jAttackSurface

  • Logback

    The reliable, generic, fast and flexible logging framework for Java.

    • Also https://github.com/qos-ch/logback/commit/b810c115e363081afc70f8bf4ee535318c3a34e1

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • Spring Boot

    Spring Boot

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Example Of A Java Program From A Working Developer?

    5 projects | /r/learnjava | 27 Sep 2021

  • JHipster 8 - Analisando o código da nossa primeira aplicação monolítica - Parte 2/3

    1 project | dev.to | 6 May 2024

  • LogCaptor: Simplificando o Teste de Logs em APIs REST Java

    2 projects | dev.to | 12 Mar 2024

  • Build a simple E-commerce PIM with Next.js, Prisma, and Neon

    4 projects | dev.to | 9 Mar 2024

  • Hackers exploited Windows 0-day for 6 months after Microsoft knew of it

    2 projects | news.ycombinator.com | 5 Mar 2024