Jim Cheung

Thursday, December 16, 2021

the log4j2 mess:

Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) - cheat-sheet reference guide

I use anchore/grype to scan for vulnerability:

$ grype myproj-standalone.jar

look for identifier CVE-2021-44228, this tool can also scan docker images

also can reference to some other ways to limit the jndi feature mentioned in this cloudflare article: Inside the Log4j2 vulnerability (CVE-2021-44228)

some clojure news:

nextjournal/clerk: Local-First Notebooks for Clojure looks very cool, I have to try it

books I've been reading:

Blog Archive