Umthelela wokuba sengozini okungaziwa kulabhulali ye-Java i-Log4j iyaqhubeka. Nakuba inkinga enkulu yaxazululwa ngesichibi esiphuthumayo esingu-2.16, le nguqulo nayo ibonakala isengozini yokuhlukunyezwa. Abacwaningi bezokuphepha bathole indawo yokungena yokuhlaselwa kwe-Denial of Service (DoS). I-Log4j 2.17 ishicilelwe ukuze kuvalwe okufakiwe.
I-Apache, umthuthukisi womtapo wolwazi we-Java, weluleka izinhlangano ukuthi zisebenzise isichibiyelo esiphuthumayo. Leso seluleko sisebenza okwesithathu njengoba kwatholakala ukuthi umtapo wolwazi usengozini.
Evikini nesigamu eledlule, abacwaningi bezokuphepha bakwa-Alibaba cloud ithimba lezokuphepha liveze indlela yokuhlukumeza izinhlelo zokusebenza nge-Log4j. I-Log4j isetshenziswa ezinhlelweni zokungena imicimbi. Kube nokwenzeka ukuba ufinyelele izinhlelo zokusebenza ngomtapo wolwazi uvela ngaphandle ngemiyalo yokusebenzisa uhlelo olungayilungele ikhompuyutha. Ukuhlukumeza kuthatha okungaphezu kokuphazima kweso. Engeza kulokho ngesilinganiso sokwenzeka kwelabhulali ezindaweni eziningi zezinkampani futhi uyasiqonda isikali senhlekelele ebhekene nesimo se-IT somhlaba.
Abathuthukisi be-software abafana ne-Fortinet, i-Cisco, i-IBM kanye nenqwaba yabanye basebenzisa umtapo wezincwadi kusofthiwe yabo. Abathuthukisi babo basebenze isikhathi esengeziwe ngempelasonto ka-December 11 ukuze bacubungule indawo yokuqala yezimo eziphuthumayo ukuze babe sengozini futhi bayilethe ezinhlanganweni zabasebenzisi. Kulindeleke okufanayo ncamashi ukukhukhuleka okuvela emaqenjini e-IT ngaphakathi kwalezi zinhlangano. Amakhulu ezinkulungwane zemizamo yokuhlasela yenzeka emhlabeni wonke. Wonke umuntu kwakudingeka ashintshele ku-2.15 ngokushesha ngangokunokwenzeka - kuze kube yilapho i-2.15 nayo itholakala ukuthi isengozini.
Ukucushwa okuthile komtapo kwahlala kungenzeka enguqulweni engu-2.15. Ukusebenzisa lokhu kulungiselelwa kuqhubekisele phambili ubungozi. Inguqulo engu-2.16 yenza ukucupha kungenzeki, kwaqinisekisa isiqeshana esisha. Imvamisa ukudumala kwamaqembu e-IT asesebenze kakhulu. Kodwa-ke, kungaba kubi kakhulu, ngoba i-2.16 nayo inesifo.
Buyela ukuze uqale
Ukunakwa okukhulu komhlaba wonke kule nkinga kwabangela uphenyo olukhulu emhlabeni wonke. U-Apache, unjiniyela womtapo wolwazi, akakwazi ukudonsa umoya izinsuku ezimbili ngaphandle kwenkampani yonogada ekhomba inkinga entsha, ecindezelayo.
Ngamafuphi, kuvela ukuthi kungenzeka ukusebenzisa inqwaba yezinguqulo ze-log4j - kufaka phakathi i-2.16 - ngomugqa owodwa (intambo) ukuze kuqalwe iluphu yaphakade ephahlaza uhlelo lokusebenza. Izimo indawo okumele ihlangabezane nazo ukuze ihlukunyezwe zibanzi. Ibanzi kangangokuthi kuyaphikiswa ukuthi ukungathi sína kwenkinga. I-patch inconywa ngokusemthethweni, kodwa akuwona wonke umuntu oqinisekayo.
Futhi, akuzona zonke izimo ze-Log4j ezisengozini, kodwa izimo kuphela lapho umtapo wezincwadi usebenza kuzilungiselelo zangokwezifiso. Umuntu ongase abe umhlaseli naye udinga imininingwane enemininingwane yokuthi i-Log4j isebenza kanjani. Ukungafani kokuqala, ukuba sengozini okufinyeleleka kalula.