@jcbrand Why did I just know that this snarky crap would come back and bit him lmao
@Marshall1Banana @jcbrand @coolboymew
Why can't everyone just roll back to the previous version that didn't have the exploit? Like what I do with browser updates that don't work right.
@DasSauerkraut @Marshall1Banana @coolboymew @jcbrand

its not a bug its a poorly thought out 'feature' that's in all past versions
@DasSauerkraut @Marshall1Banana @coolboymew @jcbrand the problem apparently existed all throughout the second major version's minor versions (and even under some settings-conditions for some of the range of the first major version, but that's probably pretty uncommon).

Idk specifically, but there are probably differences in how you interact w/ it b/t major 1 & 2, so rolling back might mean rewriting applications.
@collatz @jcbrand @Marshall1Banana @coolboymew
So the fault has been in there for years and was only just found and exploited?
Damn that sucks for, well, everyone using log4j lol.

@jcbrand So, just blocking outgoing LDAP traffic was actually safer and more productive then, correct?

@raucao

I wasn't following this closely, AFAIK the original exploit could give attackers shell access.

@jcbrand Yes, but only if they can load a malicious payload from an LDAP server, which requires outgoing traffic on port 389 or 636.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!