-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
coq
Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs.
-
Log4jPatcher
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
-
Doubly-Linked-List-VST
Discontinued The final project for CS2603 (2021 Spring), aiming to verify a doubly linked list library using VST. Collaborating with @karzexcc
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
See https://github.com/apache/logging-log4j2/pull/597/files (which was recently merged). Also the error this PR is fixing is so incredibly amateurish that it's hard to to feel disgust.
This has been known for a zillion years and has caused a zillion CBEs, so at this point there are off-the-shelf tools like ysoserial that take your payload and wrap it into an object that kabooms when deserialized, with like 20 different choices of methods depending on what dangerous objects are available on the target's classpath for deserialization.
Regarding something constructive, Cubical Type Theory is far more advanced than required for all software development humanity has ever attempted. Using Coq works for industry level tasks just fine, even without https://github.com/coq/coq/issues/13544.
The folks over at CreeperHost have created a Java agent that patches log4j2, for people who can't update it for whatever reason. https://github.com/CreeperHost/Log4jPatcher
Also https://github.com/qos-ch/logback/commit/b810c115e363081afc70f8bf4ee535318c3a34e1
Related posts
-
Example Of A Java Program From A Working Developer?
-
JHipster 8 - Analisando o código da nossa primeira aplicação monolítica - Parte 2/3
-
LogCaptor: Simplificando o Teste de Logs em APIs REST Java
-
Build a simple E-commerce PIM with Next.js, Prisma, and Neon
-
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it