This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems. While HAProxy Enterprise, HAProxy ALOHA, and other products within the HAProxy Technologies portfolio are not impacted by this (they do not use the Log4J library at all), you can use them to block the attack.

Imagine the scenario: you get an urgent call from one of your customers. All her files seem to be corrupted. And then there’s that email demanding payment via Bitcoin for restoration. She needs your immediate help to get her business up and running. Later on, she’ll demand to know how you let her business be vulnerable to this attack. You had installed firewalls, required strong passwords, and conducted email phishing drills—and still your customer was attacked.

The recent Apache Log4j vulnerability CVE-2021-44228 dubbed Log4Shell is a big deal. By now there is no shortage of blogs, other write-ups, and analysis about why this vulnerability is an urgent issue and why there is a very good chance it applies to your environment. Here are some of the articles that dive into the gory details on this CVE.

Last Thursday, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Over the last few days, there have been a tremendous amount of posts about the Log4j 2 vulnerability, with Wired going so far as claiming that, “the internet is on fire.” Tl;dr: LogDNA is not exposed to risk from the Log4Shell vulnerability in Log4j 2 at this time. If that’s all you came for, you can stop reading here. If you want to learn more about the vulnerability and how LogDNA protects you from risks like these, grab a cup of coffee and read on.

Today, we are pleased to announce the release of CFEngine 3.19.0! In 2021, for this release, and the launch of CFEngine Build, our focus has been on collaboration. We want to deliver a lot of value to our users through modules, and enable you to share and cooperate on policy, promise types, compliance reports, etc.

When planning our 2021 roadmap this time last year, one of the most prominent themes was security. Although we’re not solely in the security category, as a fully managed service in the heart of our customers’ software supply chains, it was always paramount for what we do and still is. Ensuring the integrity and privacy of customer data is our top priority.

Software quality has been a topic and an area of interest since the dawn of software itself. And as software evolved so did the techniques and approaches to assuring its high quality. Better computers providing more computing power, bigger storage and faster communication have allowed software developers to detect issues in their code sooner and faster.

If you read my last blog post, you’re already ahead of the game. You know that in May of 2021, the Biden Administration announced Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, which mandates each federal agency to adapt to today’s continuously changing threat environment. Well, folks, the saga continues.