Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

Google\\'s open-source team said they scanned Maven Central, today\\'s largest Java package repository, and found that 35,863 Java packages use vulnerable versions of the Apache Log4j library.

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw.

Because of the popularity of the Log4j tool with Java developers, the problem is an “endemic vulnerability” for the software industry, according to the board. Luckily, we can identify this security ...

Log4j, the popular logging library for Java, will include a number of configuration options that allows it to run in a completely garbage-free manner. The release follows previous attempts to ...

Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.

* used by the Minecraft client as older java is distributed with the game client. * It is possible to execute arbitrary code on newer java versions, but they * are a minority of users except for ...