Obunye ubuthathaka bufunyenwe kwi-Log4j kwaye i-Apache Foundation ikhuphe esinye isiqwenga. Uguqulelo lwe-Log4j 2.17.1 kufuneka kwakhona lulungise ukwenziwa kwekhowudi ekude.
Ubuthathaka obufunyenwe ngoku, i-CVE-2021-44832, ye-Log4j ifumaneka kwinguqulo 2.17.0. Ubuthathaka buvumela abahlaseli abanemvume yokuguqula ifayile yoqwalaselo lokuloga ukuseta uqwalaselo olukhohlakeleyo lokwenziwa kwekhowudi ekude.
Ubuthathaka obufunyenweyo ngoku buchaphazela zonke iinguqulelo, kuquka nezi zamva nje, ukusuka kwi-Log4j 2.0-alpha ukuya ku-2.17.0. Kuphela ziinguqulelo 2.3.2 no-2.12.4 ezingachaphazelekiyo.
Isithintelo JDNI amagama emithombo yedatha
Isiqwenga sivala ubuthathaka ngokuthi, phakathi kwezinye izinto, kuthintelwe amagama emithombo yedatha ye-JDNI kwi-Log4j kwinguqulo 2.17.1 kunye neepatshi zangaphambili kwiprothokholi yeJava. Oku kusebenza nakwinguqulo 2.12.4 yeJava 8 kunye ne-2.3.2 yeJava 6.
Ubuthathaka obungakumbi be-Log4j bulindelwe
Abaphandi bachonge ukuba semngciphekweni usebenzisa izixhobo zokuhlalutya ikhowudi ezimileyo ezidityaniswe nophando olwenziwa ngesandla. Ngokweengcali, ubuthathaka obufunyenweyo abukho bubi njengoko bubonakala, kodwa amabala kufuneka aphunyezwe. Balindele ubuthathaka obungaphezulu be-Log4j ukuba buvele kungekudala. Ngokuqinisekileyo ezi kuya kufuneka zicocwe.