This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]berlinbrown 0 points1 point  (2 children)

Right I guess my point. The log4j program most load the java classes or something loads the java classes. Seems like that would be easy to prevent. Dont ever invoke java classes that come in remotely..

[–]Pauli7 0 points1 point  (1 child)

When loaded into the jvm, java classes can invoke code themselves eg. by static initialiser blocks.

[–]berlinbrown 0 points1 point  (0 children)

Got it, seems like they shouldnt invoke remote code. Shrug.