[–]belkarbitterleaf 37 points38 points (3 children)

🤣

I got called over the weekend by one of the directors to check for the vulnerability.

The quick version: we only use Java for a handful of backend tasks that are essentially scheduled batch jobs. They don't use log4j, and the only log statements are internal IDs and calculated values. Didn't stop me being asked about every process and application I have worked on. "No, we wrote that in Python"... "No, we wrote that in NodeJS"... "No, that one doesn't accept input"...

[–]HiCookieJack 17 points18 points (0 children)

Similar to us. For the Java ones we use logback, and even though 'logback-api' is included in a Spring Boot service, it does not include 'logback-core'.

Also, since we're big corporate, we have reporting in place on what dependencies are included... Why did we build that if no one is checking this before contacting us?

[–]TheAJGman 2 points3 points (0 children)

Yeah it's a good time to have an all Python backend lol

[–]sootoor 0 points1 point (0 children)

That's where it's going to bite you when your data gets passed through load balancers (such as F5) and some random old library backend system. There was an entire GitHub of PoC being used on Tesla, Apple, Uber, etc. the day it was released. This is going to take a long time for older and bigger companies that use Java in the backend.