New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

This week Apache disclosed 3 vulnerabilities impacting Log4j 1.x versions.

Full disclosure, Log4j 1.x is an end-of-life product anyway, as of August 2015, and the recommended advice has always been to be on a safe log4j 2.x version. But, buried in these CVE disclosures is a critical Apache…

Source: securityboulevard.com – Read more