Originally discovered by some bright spark at Alibaba, the vulnerability was reported on December 9th to the Apache Software Foundation, who gave it a CVSS rating of 10, the highest possible score. Dubbed “Log4Shell”, and christened with an awe-inspiring MS Paint logo, the vulnerability has been described as “the single biggest, most critical vulnerability of the last decade”, due to the library’s widespread usage.

CERT NZ is warning that this vulnerability is currently being actively exploited.

The proper way to mitigate this vulnerability - and vastly improve your quality of life in the process - is to stop using Java. Removing Java will not only reduce your potential attack surface, it will also make you richer, more attractive, and both clean and straighten your teeth. YMMV.

I only hope we remember the lessons of Java when trying to re-implement it as packaging systems like Snap and Flatpak.


