#log4J Log4Shell RCE 0-day exploit

If you develop software in Java, you are probably affected. Log4J is a really popular package to deal with logging.

In a nutshell, if an attacker manages to log a specific, crafted string, the library will load code from a random, remote host. Affected are all versions between 2.0 and 2.14.1.

#log4shell

Given how ubiquitous this library is, the impact of this vulnerability is quite severe. Learn how to patch it, why it’s bad, and more in this post.

Source: Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package | LunaSec

Amazon kündigt Elastic Beanstalk an

Mit Elastic Beanstalk hat Amazon AWS heute einen eine Erweiterung seines Angebots vorgestellt. Damit steigt AWS auch in die “Platform as a Service” (PaaS) Welt ein.

http://aws.amazon.com/elasticbeanstalk/ bzw.

http://aws.typepad.com/aws/2011/01/introducing-elastic-beanstalk.html

Amazon Web Services bisherige Angebote stellen lediglich Infrastruktur on Demand zur Verfügung und verlangen dem Kunden selbst den Betrieb der eigentlichen Softwareplatform bzw. des Application-Stacks ab.

Announcing AWS Elastic Beanstalk