What did Log4Shell teach us about securing open source?
Join the ORC WG on Monday to explore the lessons from Log4Shell and what a CRA-ready Log4j looks like.
📆 March 16 at 12 pm EDT
➕ Add to your calendar: https://buff.ly/GZ8m6Gv
SAP Patch Day March 2026: Two HotNews vulnerabilities in Log4j and NetWeaver closed
The focus is on a Log4j component that has been known for years and a deserialization vulnerability in the NetWeaver Enterprise Portal.
Log4Shell revealed just how deeply open source runs through the global software supply chain—and how hard it can be to respond when a critical dependency fails.
Join the ORC WG for the next #CRAMondays to explore the lessons from Log4Shell and what it takes to build a CRA-ready Log4j.
📆 March 16 at 12 pm EDT
➕ Add to your calendar: https://bit.ly/3PuQozy
I'm afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code...
#JEP411 #Log4J #Log4Shell #Security #securitymanager
https://foojay.io/today/running-untrusted-code/
Projects like Log4j are seeing a flood of low-quality, likely AI-generated security reports that overwhelm maintainers with noise. After high volumes since Dec 2025, only a tiny fraction are real issues and reviewing them strains volunteer time.
Code generation by #AI is not bad per se, but you should still know what you are doing.
https://share.google/5NzOQ0fhog8X2xbfw #OpenSource #Security #Log4j #OSS #AIspam #aicodewriting #codegeneration #vibecoding
📬 Because of AI spam: curl discontinues its bug bounty
#ITSicherheit #Kommentar #KünstlicheIntelligenz #Apache #BugBounty #curl #hackerone #kispam #log4j https://sc.tarnkappe.info/22820d
because everyone with a claude subscription thinks they are suddenly a security researcher and floods the bug bounty programs of various open source projects with slop, cURL and log4j are now discontinuing theirs!
making the world a bit less secure - thanks to AI! 😠
#cURL #log4j #KI #BugBounty #CyberSecurity #foss #opensource
You know that meme about "all modern digital infrastructure"? I found it in real life! #log4j #allModern #IT #infrastructure
@grobmeier Good logging is the A and O of a good program. Only with logging can you comprehend what was going on in case of unexpected behaviour. And #log4j is the best tool to do it. It was invented for #java and due to its superb concept (distinction of loggers, appenders, levels, layout, etc.) it was ported to all other known languages.
My book #Java Logging is the deal of the day!
https://www.manning.com/books/java-logging
If you consider it, today is a good day!
People. Why you gotta do me like this? Even knowing CICD pipes for versions of software that was retired years ago are still chugging along (oh yeah, I know about that one!!), this is an insane number.
https://www.infosecurity-magazine.com/news/log4shell-downloaded-40-million/
Log4j downloads shows supply chain wake-up call ignored https://www.developer-tech.com/news/log4j-downloads-supply-chain-wake-up-call-ignored/ #log4j #devsecops #supplychain #opensource #infosec #developers #cybersecurity #tech #news #technology
"the #log4j scramble in a nutshell"
(Yong Sheng - https://x.com/ystan_/status/1470206230647894016)
#Techflix recommendation: "The Untold Story of Log4j and #Log4Shell | Christian Grobmeier | GitHub" #youtube #log4j #ApacheSoftwareFoundation
Many, many ❤️ to @grobmeier, it takes a lot of courage to talk about your failures (no one is error proof!)
(I had to laugh when his kid asked for help playing minecraft during the incident. Turned out, minecraft suffered from log4j as well)
RE: https://ohai.social/@senficon/115417214885782255
#Log4j is popular.
#OpenSource funding is necessary.
Thanks to the @sovtechfund, which did so much for us after Log4shell!
(repost from GitHub blog) The internet was on fire. 🔥
One small library affecting billions of systems.
Log4Shell was the biggest security vulnerability of all time.
Now, Log4J maintainer Christian Grobmeier tells us what it felt like inside the flames.
https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/ #github #security #log4j #oss #maintainers #opensource
I never imagined GitHub would ask me to speak about Log4Shell.
But it happened.
GitHub asked me to share the story as I lived it, for the benefit of all maintainers and users of open source. How could I say no?
I hope it helps build a more secure future.
No more Log4Shell.
#opensource #log4j #Log4Shell #programming #security #hacking #Github
#Log4j could have failed many times. But it survived. Not because of money, but because of people. An honest look behind the scenes — from the first line of code to the project’s greatest crisis.
Read Christian Grobmeier’s new piece: https://javapro.io/2025/06/10/the-long-history-of-log4j/