Someone asked me is the log4j vulnerability is fixed?
as history, knowsThe Log4j vulnerability, also known as Log4Shell, is a critical security flaw that allows attackers to remotely execute malicious code on vulnerable systems. The vulnerability affects the widely used Apache Log4j logging library, which is used by many applications and services. The vulnerability has been patched by the Apache Software Foundation for the Log4Shell vulnerability, but further vulnerabilities were discovered in Apache Log4j2 versions 2.0-beta7 through 2.14.1. Users should upgrade to Log4j 2.17.1 (Java 8), 2.12.4 (Java 7), or 2.3.2 (Java 6) to obtain security fixes for the remote code execution attack via JDBC Appender. The vulnerability related to an infinite recursion attack can be fixed by upgrading to Log4j 2.3.1 (Java 6), 2.12.3 (Java 7), or 2.17.0 (Java 8). Users can also mitigate the issue in configuration by replacing Context Lookups with the like statement. It is highly recommended to address this vulnerability as soon as possible to prevent any potential damage.
References: