Iyo yekukurumidzira chigamba chekusagadzikana kwakashata muJava raibhurari Log4j haina kupusa. Iyo Apache Software Foundation iri kuburitsa vhezheni nyowani kugadzirisa kusagadzikana zvachose.
Kusagadzikana muraibhurari yakakurumbira yakakurumbira yeJava kuri kuzunguza mamiriro epasi rose eIT. Zvinofungidzirwa kuti raibhurari iripo munzvimbo dzakawanda dzemakambani.
Log4j inonyanya kushandiswa kugadzira matanda. Zviitiko mumashandisirwo anogona kunyoreswa nemanotsi. Funga nezve kudhindwa kweiyo login data mushure mekuyedza kupinda. Kana, kana iri yewebhu application muJava, zita rebrowser iro mushandisi ari kuyedza kubatana nayo.
Mienzaniso yekupedzisira yakajairika. Muzviitiko zvese izvi, mushandisi wekunze anopesvedzera irogi iro Log4j inoburitsa. Zvinokwanisika kushandisa pesvedzero iyoyo zvisina kufanira. Iwo matanda echero Log4j vhezheni pakati paGunyana 13, 2013 naZvita 5, 2021 anokwanisa kuraira Java application kumhanyisa kodhi kubva kure server pane yemuno mudziyo.
Kubva 2013, Log4j yanga ichigadzirisa API: JNDI, kana Java Naming uye Directory Interface. Kuwedzerwa kweJNDI kunobvumira Java application kuti imhanye kodhi kubva kune iri kure server pane yemuno mudziyo. Vagadziri vezvirongwa vanodzidzisa nekuwedzera mutsara mumwechete wezve ruzivo nezve iri kure server mune application.
Dambudziko nderekuti havasi vagadziri vepurogiramu chete vanokwanisa kuwedzera mutemo kune zvikumbiro. Ngatiti Log4j inonyora mazita ekushandisa ekuedza kupinda. Kana mumwe munhu apinda mutsetse wataurwa mundima yezita, Log4j inomhanya mutsara uye Java application inodudzira murairo wekumhanyisa kodhi pane yakataurwa sevha. Izvo zvakafanana zvinoenda kune zviitiko apo Log4j inonyora chikumbiro cheHTTPS. Kana iwe ukashandura zita rebhurawuza kumutsara, Log4j inomhanyisa mutsara, ichiraira zvisina kunanga kuti imhanye kodhi sezvaunoda.
Emergency patch inogonawo kusachengeteka
Pana Zvita 9, kusakuvara kwacho kwakauya pachena pamwero mukuru. Iyo Apache Software Foundation, mugadziri weLog4j, akaburitsa chigamba chekukurumidzira (2.15) kugadzirisa kusagadzikana. Kubva ipapo, chave chiri chinhu chakakosha kune vatengesi vesoftware kugadzirisa vhezheni 2.15 uye kupa chigamba chemasangano.
Nekudaro, sangano rekuchengetedza LunaSec rinoti chigamba chacho hachina mvura zvachose. Izvo zvinoramba zvichigoneka kugadzirisa marongero uye kuve nemirairo yeJNDI inoitwa.
Ndokumbira utarise: marongero akakodzera anofanirwa kugadziridzwa nemaoko, kuitira kuti misiyano isina kuchinjwa ye2.15 ive yakachengeteka. Zvakadaro, Luna Sec inokurudzira kuti vatengesi nemasangano vagadzirise kuLog4j 2.16. 2.16 yakaburitswa neApache Software Foundation ichipindura LunaSec. Iyo vhezheni nyowani inobvisa zvachose mamiriro asina njodzi, zvichiita kuti zvisaite kugadzira mamiriro ekushungurudzwa.