**the Hearth** @Felthry@awoo.space · 2021-12-11T01:35:43Z

the Hearth @Felthry@awoo.space

the Hearth @Felthry@awoo.space

wait, what happened with java?
-F

Dec 11, 2021, 01:35 · · · ·

**Siph** @Siph@rage.love · Dec 11, 2021, 01:36

**Siph** @Siph@rage.love · Dec 11, 2021, 01:36

Dec 11, 2021, 01:36

Siph @Siph@rage.love

@Felthry huge security exploit found in log4j, a logging module used in a whole bunch of software made in java

**Terrana ΘΔ&** @terrana@sleeping.town · Dec 11, 2021, 01:37

**Terrana ΘΔ&** @terrana@sleeping.town · Dec 11, 2021, 01:37

Dec 11, 2021, 01:37

Terrana ΘΔ& @terrana@sleeping.town

@Felthry There's a remote code execution vulnerability in one of the most popular logging libraries.

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:38

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:38

Dec 11, 2021, 01:38

the Hearth @Felthry@awoo.space

@terrana Is there anything we need to do (update java etc) or is this a problem that only people running servers need to worry about? because i've seen people directing stuff to people running servers specifically
-F

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:41

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:41

Dec 11, 2021, 01:41

the Hearth @Felthry@awoo.space

@terrana (if you know, anyway. You seem like someone who would know, is all!)
-F

**Terrana ΘΔ&** @terrana@sleeping.town · Dec 11, 2021, 01:47

**Terrana ΘΔ&** @terrana@sleeping.town · Dec 11, 2021, 01:47

Dec 11, 2021, 01:47

Terrana ΘΔ& @terrana@sleeping.town

@Felthry It primarily affects servers. Java-based client applications are also vulnerable, most notably Minecraft, but all you can really do about those is avoid connecting to untrusted servers and wait for them to be updated.

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:48

**the Hearth** @Felthry@awoo.space · Dec 11, 2021, 01:48

Dec 11, 2021, 01:48

the Hearth @Felthry@awoo.space

@terrana Thank you, that's a worry off our plate then.
-R

**Julie Sqveakaroo** @JulieSqveakaroo@dragon.style · Dec 11, 2021, 01:44

**Julie Sqveakaroo** @JulieSqveakaroo@dragon.style · Dec 11, 2021, 01:44

Dec 11, 2021, 01:44

Julie Sqveakaroo @JulieSqveakaroo@dragon.style

@Felthry

It's vulnerable to a newly found exploit that is executable remotely.

Awoo.space is a Mastodon instance where members can rely on a team of moderators to help resolve conflict, and limits federation with other instances using a specific access list to minimize abuse.

While mature content is allowed here, we strongly believe in being able to choose to engage with content on your own terms, so please make sure to put mature and potentially sensitive content behind the CW feature with enough description that people know what it's about.

Before signing up, please read our community guidelines. While it's a very broad swath of topics it covers, please do your best! We believe that as long as you're putting forth genuine effort to limit harm you might cause – even if you haven't read the document – you'll be okay!

Trending now

Resources

Developers

What is Mastodon?

awoo.space

More…