[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Dec 31 05:24:50 EST 2021
On 2021-12-30, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 12/20/2021 2:23 PM, Simon Clubley wrote:
>> On 2021-12-20, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>> (Hoff already mentioned that one)
>>
>> I missed that. Sorry. :-)
>
> And they found yet another vulnerability so now 2.17.1 is out.
>
On the plus side, at least the discoveries are getting further apart. :-)
As a gentle reminder to everyone, this is what awaits VMS if the
researchers turn their attention to it. Log4j was in use for years
and only after researchers turned their attention to it, did these
longstanding issues get discovered.
I'm sure that when the vulnerable Log4j versions were introduced,
everyone continued to use it without thinking that they may have
just introduced a vulnerability into their application.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list