LinkedIn

Log4Shell Lessons: What the Log4j Vulnerability Taught Us About Java Dependency Risk

On December 9, 2021, a zero-day vulnerability in Apache Log4j 2 — one of the most widely used logging libraries in the Java ecosystem — was publicly disclosed. Within hours, proof-of-concept exploits ...
LinkedIn

Log4Shell (CVE-2021-44228): Four Lines of Code, Full Control of the Server

A few years have passed since Log4Shell was disclosed, but I keep returning to it. Not because it is old news. Because it is one of the clearest examples of how a single architectural decision can sit ...
InfoWorld

A fresh look at the Spring Framework

The Spring Framework is possibly the most iconic software development framework of all time. It once suffered from a reputation of bloat, but it has long since shed that perception. The heart of ...
GitHub

CIB seven - Keycloak Identity Provider Plugin

Keycloak™ (https://www.keycloak.org/) is an Open Source Identity and Access Management platform including advanced features such as User Federation, Identity ...
GitHub

flowerlake/spring-jolokia-rce

一个包含 Spring Boot Actuators 的漏洞应用,该测试环境包含4个库:spring-boot-starter-web、spring-boot-starter-actuator、spring-cloud-starter-netflix-eureka-client、jolokia-core。注意该测试需要在jdk1.8.181 ...