The Branch Chief's Guide to Java Security

Just as Java is everywhere, Log4j is everywhere within Java. 

Discovered in December 2021, a security vulnerability in Apache’s Log4j allows widespread exploitation of remote code execution (RCE).  Simply put, an unauthenticated remote actor could exploit this vulnerability to take control of an affected system and embed malware.

This guide provides:

• A basic understanding of Log4j
• Best practices for mitigating the Log4j vulnerability discovered in December 2021
• Tips for understanding Java security updates 
• And safer alternatives for Java runtime subscriptions