16 Dec Security Stop-Press : Apache Log4j Security Vulnerabilities
The Apache Foundation has released an emergency update for a critical zero-day vulnerability in Log4j. This is a widely used logging tool included in almost every Java application. The problem that the update has been issued to address is that a bug in the Log4j library could allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. The update can be found here: https://logging.apache.org/log4j/2.x/security.html.