Twitter Feed
@likethecoins ("Katie Nickels") wrote:
It appears there is a *second* Log4J vulnerability that requires another patch.
First CVE from last week: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
New CVE today: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046with quote tweet:
Remember how I was yelling about patching to log4j 2.15 and how we couldn't be friends if you didn't?
That, but now please patch to 2.16. 😬
(New patch fully disables JNDI and removes support for Message Lookups)