OffHeap 69. Ok, so the internet burned down with Log4J.
Description
Hopefully you have had some time to R&R, but if you were in tech around Dec 2020, you heard that there was this massive security incident around Log4j. It affected almost everyone, from large to small companies, and if you work in Java, chances are that you might've to work on it too (and if you haven't, it's a good idea to double-check your code)
It has a severity of "10", which is rare, and what makes it hard to ignore. If you want to understand what it was about, and how it got there, then take a listen. Learn how to patch against it, as we travel and dive into the mechanics and the missed opportunities that happened.
http://www.javaoffheap.com/datadog
We thank DataDogHQ for sponsoring this podcast episode
DO follow us on twitter @offheap
http://www.twitter.com/offheap
*News*
MicroProfile 5.0:
https://microprofile.io/
Eclipse IDE Release
https://www.eclipse.org/downloads/packages/release/2021-12/r
NetBeans 12.6 Release
https://netbeans.apache.org/download/nb126/index.html
Spring Native 0.11 Release
https://docs.spring.io/spring-native/docs/current/reference/htmlsingle/
*Discussion*
Log4j2
https://www.lunasec.io/docs/blog/log4j-zero-day/
It made CNN:
https://www.cnn.com/2021/12/13/politics/us-warning-software-vulnerability/index.html