This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, tracked as CVE-2021-44228 and dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems. While HAProxy Enterprise, HAProxy ALOHA, and other products within the HAProxy Technologies portfolio are not impacted by this (they do not use the Log4J library at all), you can use them to block the attack.
Modern applications come in a variety of forms–monoliths, microservices, serverless functions, and containers to name a few–but at the heart of all of these are processes. Processes are the fundamental unit of execution that we use to run programs, and although we need processes to run our applications, software engineers rarely think about them.
Imagine the scenario: you get an urgent call from one of your customers. All her files seem to be corrupted. And then there’s that email demanding payment via Bitcoin for restoration. She needs your immediate help to get her business up and running. Later on, she’ll demand to know how you let her business be vulnerable to this attack. You had installed firewalls, required strong passwords, and conducted email phishing drills—and still your customer was attacked.
The recent Apache Log4j vulnerability, CVE-2021-44228, dubbed Log4Shell, is a big deal. By now there is no shortage of blogs, other write-ups, and analyses explaining why this vulnerability is an urgent issue and why there is a very good chance it applies to your environment. Here are some of the articles that dive into the gory details on this CVE.
WebPageTest recently completed a year as part of the Catchpoint family (yes, we acquired a company during the pandemic). In the past twelve months, we have built an entire WebPageTest team to power the developer experience around web performance. We’ve also launched initial premium experiences on the platform. Our developer community continues to contribute to the beloved open-source version, as well as share best practices with other users.