Another Serious Apache Log4j Vulnerability & Patch

The severity score of a known Log4j Bug has been updated from a 3.7 to 9.0 (out of 10). Subsequently a new fix for the issue (which impacts the Log4j logging utility) has been published.

Specific comments and conversation can be read on the Apache Log4j Issues area found here.

It has been unofficially recommended to complete disable the JNDI (Java Naming and Directory Interface). Notably because the large majority of users are unlikely to be using it anyway. Users requiring Java 7 are recommended to upgrade to Log4j release 2.12.2 when it becomes available.

How can we help?

It is important to resolve this issue and remove any chances of vulnerability within your business systems. If you need any support, you can always reach out to Britec and contact us.