Apache Log4j 2 Alternatives
Similar projects and alternatives to Apache Log4j 2
-
Logback
The reliable, generic, fast and flexible logging framework for Java.
-
tinylog
tinylog is a lightweight logging framework for Java, Kotlin, Scala, and Android
-
SonarLint
Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
-
-
lunasec
LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
-
-
Logstash
Logstash - transport and process your logs, events, or other data
-
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
aegis4j
A Java agent that disables platform features you don't use, before an attacker uses them against you.
-
-
Logbook
An extensible Java library for HTTP request and response logging (by zalando)
-
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
-
Logout4Shell
Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
-
log4j-affected-db
A community sourced list of log4j-affected software
-
-
-
-
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Apache Log4j 2 reviews and mentions
-
Reduce Security Risks by Keeping Dependencies Up-To-Date with GitHub Actions and Dependabot
Almost nothing is more ubiquitous in applications than logging libraries. No matter which type of application - hastily thrown-together prototypes, decades-old enterprise monoliths, newly built event-driven serverless apps - there is always the need to log. Even in non-production-grade applications where standard observability patterns such as monitoring and alerting might not be applied - logging is usually always used. Log4j has been without a doubt one of the pioneers in the logging framework sphere and continues to be widely used today making the recent discovery of a zero day exploit in Log4j a good time to highlight how important it is to keep all dependencies of your applications up-to-date at all times.
- GitHub’s database of security advisories is now open source
-
I hate making GUI, what is the point of programming?
Initially I wanted to mention log4j2 as a recent famous software without GUI. Then I was surprised by ClientGui.java but was relieved that log4j-jmx-gui is an optional project only.
-
System Logger
Most applications currently use Log4J2 or SLF4J. Both provide a compatible System.Logger implementation.
-
Code opinion: Should we trust Open Source after Log4J's issues?
The source code of Log4J is publicly available on GitHub
-
Log4j to Logback migration? Good idea or not?
Apache Log4j
-
Log4J
Latest version with fixes is 2.17.1 according to their site. https://logging.apache.org/log4j/2.x/
-
Toronto paramedic union issues warning after no ambulances were available to respond to life-threatening call
In software, you can go and see exactly who did what, when. How the Log4Shell vulnerability was patched, its detailed history and can work out how long that vulnerability was there for. Same with Wikipedia, where you can see every edit and discuss those that were made. It should not take a law degree and weeks of examination to find some bullshit is being slid into a bill, this is criminal.
-
Stellar Cyber: Log4j Vulnerability and Exploitation Detection
Finally, eight years later on November 30, 2021, the Log4j team was made aware of the remote code execution vulnerability as a result of the combination of log interpolation with JNDI lookup. One week later, nearly everyone in the security community and IT industry got informed and started to panic one way or another.
-
Why didn't Minecraft get patched with Log4j version 2.17??
Apache's homepage for Log4j states "Log4j2 versions 2.0-beta7 through 2.17.0 are vulnerable" to this attack and the best course of action is to update to at least 2.17.1. Even version 2.16 was found to have a denial of service vulnerability. So unless you want your poor computer to receive all the requests in the known universe and crash, you need at least version 2.17.1. Meanwhile I'm sitting here doing a system-wide search and I find Minecraft 1.18.1 chillin like a villain with only Log4j version 2.14.1. The hell???
- Does the Heroku Ruby Stack use Log4j?
-
New log4j RCE Vulnerability for 2.17 could be arriving today. Stay tuned!
More in the 2.17.1 changelog here if you’re curious
- Log4j 2.17.0 に関わる新たな RCE 脆弱性 (CVE-2021-4483)
-
A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)
Log4j 2.17.1 was released because a new vulnerability on RCE (Remote Code Execution) had been found in 2.17.0. (CVE-2021-4483)
- Important: Security Vulnerability CVE-2021-44832
Stats
apache/logging-log4j2 is an open source project licensed under Apache License 2.0 which is an OSI approved license.
Popular Comparisons
Are you hiring? Post a new remote job listing for free.