/mf2/2021/12/iv8sw/ · Jamie Tanna

Post details

https://twitter.com/BlueSpaceCanary/status/1471695226188099589
String interpolation in log messages has been removed in Log4j 2.16.0, so one would have to use this pattern explicitly in the Log4j configuration file. In other words, an attacker would need to be able to overwrite the Log4j configuration to exploit this.
(╯°□°）╯︵ ┻━┻ (@joschi83)Fri, 17 Dec 2021 08:29 GMT

Fri, 17 Dec 2021 16:29 by Jamie Tanna . #log4shell.

Also on:

This post was filed under reposts.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.