Apache Log4j Security Vulnerabilities: What we need to do?

preview_player
Показать описание
What is Log4j security issue?
What we need to do?

download log4j binary:

git hub log4j :

log4j security explanation:

log4j CVE:

Schedule a meeting in case of any queries/guidance/counselling:

~~~Subscribe to this channel, and press bell icon to get some interesting videos on Selenium and Automation:

Follow me on my Facebook Page:

Let's join our Automation community for some amazing knowledge sharing and group discussion on Telegram:

Naveen AutomationLabs Paid Courses:
GIT Hub Course:

Java & Selenium:

Java & API +POSTMAN + RestAssured + HttpClient:
  1. Naveen AutomationLabs
  2. Apache Log4j Security Vulnerabilities
  3. log4j tutorial in java
  4. log4j vulnerability
  5. log4j exploit
  6. log4j risk
Рекомендации по теме
Apache Log4j Security 0:08:20

Apache Log4j Security Vulnerabilities: What we need to do?

Apache Log4j Security 0:05:19

Apache Log4j Security Vulnerabilities: What we can do?

Log4Shell Apache Vulnerability: 0:42:38

Log4Shell Apache Vulnerability: What to Know and What to Do

What is Log4J 0:10:08

What is Log4J Vulnerability | Log4J Security Vulnerability Explained | Apache Log4J | Intellipaat

Apache Log4j Security 0:10:04

Apache Log4j Security Vulnerabilities: What we need to do?

The Apache Log4j 0:18:36

The Apache Log4j Security Vulnerability

Log4j Affected Libraries/Products 0:07:18

Log4j Affected Libraries/Products DATABASE : Apache Log4j Security Vulnerabilities

Apache log4j Vulnerability 0:15:08

Apache log4j Vulnerability Explained

Log4j (CVE-2021-44228) RCE 0:03:44

Log4j (CVE-2021-44228) RCE Vulnerability Explained

Log4J Security Vulnerability 0:04:01

Log4J Security Vulnerability Explained

What is the 0:02:34

What is the Log4j Vulnerability and How to Protect Against It

Log4j Security Vulnerabilities 0:13:12

Log4j Security Vulnerabilities - With Exploit POC /Live Demo

Fix in a 0:03:56

Fix in a minute - Apache Log4j Security Vulnerabilities

What You Need 0:32:25

What You Need to Know About the Log4Shell / Apache Log4j Injection Vulnerability (CVE-2021-44228)

Apache log4j security 0:07:08

Apache log4j security issue briefing | CVE-2021-44228 zero day attack

[Demo] Apache Log4j 0:02:53

[Demo] Apache Log4j (Log4Shell) Vulnerability – How to discover, detect and protect

Apache Log4j Remote 0:03:02

Apache Log4j Remote Code Execution Vulnerability DEMO by Safe Security | CVE-2021-44228

Log4J Security Vulnerability: 0:06:51

Log4J Security Vulnerability: CVE-2021-44228 (Log4Shell) - in 7 minutes or less (PATCH NOW!)

Log4J Vulnerability: What 0:19:48

Log4J Vulnerability: What We Know About CVE-2021-44228

How bad is 0:16:54

How bad is the Log4j Security Vulnerability? Everything you need to know about Log4Shell.

Apache Log4j (Log4Shell) 0:02:53

Apache Log4j (Log4Shell) Vulnerability – DEMO How to discover, detect and protect

Security Update: Log4j.2.x 0:17:28

Security Update: Log4j.2.x Vulnerability

Urgent Discussion Apache 0:58:46

Urgent Discussion Apache log4j Vulnerability

The Log4j Vulnerability: 0:11:19

The Log4j Vulnerability: Patching and Mitigation

Комментарии
Автор

Thanks Naveen for this quick update, since people are looking out for resolution for it and Now we all having your video as authentic source which can be shared as much as possible to dev and QA. 👍😊

SarangHoley
Автор

download log4j binary:

git hub log4j :

log4j security explanation:

log4j CVE:

naveenautomationlabs
Автор

Thanks Naveen for sharing this in detail. Even, we got a critical issue from customer support recently with critical and dev team updated with 2.15 jars where ever we have been using the log4j jars..

tarakarajendrachinni
Автор

Thanks for explanation on this issue.. today morning I read an article about this but your explanation is very much clear and interesting always. Really thanks Naveen sir :)

venkateshsivadurga
Автор

December 14  - UPDATED RECOMMENDATIONS:

The previous patch iteration 2.15.0 does not fully remediate the vulnerability, and thus it is recommended to apply the latest patch (version 2.16.0)


December 14 - UPDATED REFERENCES:

TWINFLAME
Автор

Great man.. Always you are there with something new and important with detailed explanations.

pravinjadhav
Автор

Please use the latest log4j 2.16.0. it got released some time back and it is more secured than 2.15.0.

praveenreddynarala
Автор

Thanks Naveen, I'm using log4j 1.2.17 is it suggested to change to 2.16.0

madhavigeddam
Автор

Thanks Naveen for wonderful explaination
Adding one more point
We can cross check m2 repository to know if any of our project dependency adding log4j affected version jar.
Earlier version of poi is downloading log4j.

pravinshinde
Автор

Thanks Naveen for a detailed explanation 👍

rishabhkumar
Автор

Thanks Naveen. But I have one question there are multiple jars which utilizes log4j for their in built function and classes...in that case should we also exclude them in POM

sumanchanda
Автор

Thanks Naveen, our team is also looking into.

vishalavishala
Автор

Could really understand and apply immediately.thank you

sukanyaganesan
Автор

I am using selenium inside that pom we have jxl 2.6.12 which is using log4j 1.2.4. Internally how to modify that ?

surojitmoira
Автор

Is Log4j attack more dangerous and harmful than SQL injection attacks?

sumedhtayade
Автор

The problem is using spring boot framework which internally downloads all the dependencies...so how do we get that updated?

hireme
Автор

Thank you for your update.. Log4net have any impact..?

arunkumars
Автор

how do you upgrade this to the latest version.. can you please share steps in windows server machine

LoyisoNicholusGawula
Автор

If applications runs in intranet and not expose to public internet..Will it impacts?..Those applications are third party do we need to upgrade log4j version.?

venkatmurrhy
Автор

Only changing the pom.xml file will fix this? Or we need to put the latest version of jar file in the Artifactory also?

anmolsarena