Quick thought, if I might: this CVE is going to be difficult for all vulnerability scanners, including Spotlight, as vendors that bundle vulnerable versions of Log4j are not issuing new CVEs for their product — they are piggybacking on 44228. For this reason, vuln. management solutions have to try and write a rule set for a single CVE that covers tens of thousands of pieces of software. You can see a large, but not exhaustive, list of software that is impacted here.
The current recommended action for all those impacted by CVE-2021-44228 or CVE-2021-45046 is to update to Log4j 2.16.0 or higher.
Since you appear to be a regex lover (much respect), I was sent this and it is very cool. Absolutely not my work, but thought I would pass it along to get the ideas flowing.
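
Because bundled copies of Log4j do not show up under their own CVE, one way to find them is to look inside the archives themselves. The following Python scanner is an added example, not part of the original comment and not the regex it refers to: it recurses through nested JAR/WAR/EAR files, reads the log4j-core `pom.properties` version, and flags anything below the 2.16.0 recommended above. The function names and the sample `vendor-app.war` are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (2, 16, 0)  # minimum version recommended on this page
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); None if the string has no numeric version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, path, depth=0, max_depth=5):
    """Return [(archive path, version or None, needs_update)] for bundled log4j-core."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        version = None
        if POM in names:
            props = zf.read(POM).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            version = m.group(1).strip() if m else None
        if version is not None or JNDI in names:
            parsed = parse_version(version) if version else None
            # A copy with no readable version is flagged for manual review.
            findings.append((path, version, parsed is None or parsed < FIXED))
        if depth < max_depth:  # bound recursion into nested archives
            for name in names:
                if name.lower().endswith(NESTED):
                    findings += scan_archive(zf.read(name), f"{path}!/{name}", depth + 1, max_depth)
    return findings

def make_zip(entries):  # builds an in-memory archive for the constructed sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a vendor WAR that bundles log4j-core 2.14.1.
    jar = make_zip({POM: "version=2.14.1\n", JNDI: b""})
    war = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": jar})
    print(scan_archive(war, "vendor-app.war"))
```

Shaded JARs that drop `pom.properties` are still reported through the `JndiLookup.class` check, with the version left as `None`.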