Chris Wysopal · Dec 18, 2021 · 12:01 PM UTC

Chris Wysopal @WeldPond

18 Dec 2021

Log4j 2.17.0 is out and protects against infinite recursion DoS. CVSS 7.5 logging.apache.org/log4j/2.x…

Chris Wysopal @WeldPond

13 Dec 2021

Log4j 2.16.0 is out and completely disables JNDI by default. logging.apache.org/log4j/2.x…

172

383

Bil Corry · Dec 18, 2021 · 5:42 PM UTC

Bil Corry · Dec 18, 2021 · 5:42 PM UTC

Bil Corry @bilcorry

18 Dec 2021

Replying to @WeldPond

It would help if they had release dates on there. Did .17 release yesterday? Or earlier this week?

Dec 18, 2021 · 5:42 PM UTC

Chris Wysopal · Dec 18, 2021 · 6:08 PM UTC

Chris Wysopal @WeldPond

18 Dec 2021

Replying to @bilcorry

I think it was early morning today

Bil Corry · Dec 18, 2021 · 6:08 PM UTC

Bil Corry @bilcorry

18 Dec 2021

Thanks!

R M · Dec 30, 2021 · 12:58 AM UTC

R M @kingthorin_rm

30 Dec 2021

Dates can be found here: logging.apache.org/log4j/2.x… 2.17.0 was the 17th, 2.17.1 was the 27th.

Bil Corry · Dec 30, 2021 · 2:25 AM UTC

Bil Corry @bilcorry

30 Dec 2021

Thanks!