Log4j is an open source library that helps developers log events in their applications. Logging is critical to making sure that things work, and it helps IT teams fix things when they go wrong.
The project recently reported a major security vulnerability in the library. That has teams scrambling to contain the issue and fix the problem.
Doing so requires a lot of heavy lifting: teams first have to figure out WHERE Log4j is and then actually FIX the problem.
If you're interested in the technical details, check out:
- From the Log4j project, https://logging.apache.org/log4j/2.x/security.html
- CRN on some of the applications affected, https://www.crn.com/slide-shows/security/10-technology-vendors-affected-by-the-log4j-vulnerability
- Wired on the long term impacts of the issue, https://www.wired.com/story/log4j-log4shell/