(no title)

Work in one of the largest financial org in the world as a Java dev for critical system (albeit not internet facing), learned of this just now on this thread...

Edit: upon checking, we're safe, it doesn't impact log4j1, only the second version. We're not cowboys using versions as young as 2012 lol.

It’s definitely happening. People are just too busy to post about it. I’m on a few hours sleep over the last couple days myself.

I'm sure many folks here spent their Friday, Saturday, and possibly even Sunday patching, and won't speak up in case their profile connects to their company.

Friday mid-afternoon a Google search for the exploit showed there were many websites in several languages giving instruction on how to exploit the vulnerability. This is hitting hard and fast.

I work for a bank in APAC region and we had at least one big change out on Friday evening to address this.

It was on the news in my country. There have been several notable ransomware attacks in the last few years, it's become an issue for a country and government that's gone all in on digital.

I had an ex colleague at Google talking about it on Facebook...if he had to bring an internal stuff of Facebook, it must be really bad.

There are many: https://www.techsolvency.com/story-so-far/cve-2021-44228-log...