This Log4j vulnerability (CVE-2021-44228) has already become a “flashbulb memory” event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem — in fact, we’ve seen it downloaded 84 million times from the Central Repository in just the last 4 months.
Organizations need to be aware of Log4j not only in the software they produce, but also in the software they use. Any software written in Java is very likely to contain Log4j somewhere in its stack, including embedded devices.
In this video our partners at Sonatype, including Brian Fox, CTO, Ilkka Turunen, Field CTO, and Steve Poole, Developer Advocate at Sonatype discuss the latest updates and implications of the Log4j vulnerability - and share new information about how far widespread the vulnerability actually is.
