Date: 2021-12-20

This problem was detected after version 2.15.0 was found to be vulnerable to possible DoS attacks; it was later found to affect version 2.16.0 as well. The bug surfaced in Apache's JIRA project. This led Apache to publish a new vulnerability, registered as CVE-2021-45105, with a severity score of 7.5.

However, it should be mentioned that it has been classified as less severe than the earlier flaws, although its severity is still high. It is still essential that users update as soon as possible to avoid problems that put their devices and their proper functioning at risk.

First they released version 2.15.0 to correct the important vulnerabilities that affected this library. They later released 2.16.0 and now, in this case, version 2.17.0. This is a denial of service (DoS) vulnerability that needs to be addressed. It has been registered as CVE-2021-45105.

As indicated in the information note, “Apache Log4j2 versions 2.0-alpha1 to 2.16.0 did not protect against uncontrolled recursion of self-referential searches.”

Important to install the latest version

Once again, it is essential to install the latest version available to avoid security problems. In this case it is version 2.17.0. This patch has already been released and allows search strings (lookups) in the configuration to be recursively expanded.

This problem appears just as Google has indicated that more than 35,000 Java packages have Log4j flaws. Most of them use these packages indirectly, which means that not all developers have clear visibility into their software.

Google even says it is pessimistic about how long it will take to put this whole matter to rest. It believes that it will be years before the Log4j vulnerabilities are completely removed from all Java packages. This gives hackers a great opportunity to target vulnerable servers, where they can sneak in malware or ransomware.
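
Because most affected packages carry the library indirectly, one way to regain visibility is to inspect the built archives themselves. The following Python is an added example, not code from Apache or Google: it walks a JAR/WAR (including nested archives) looking for log4j-core's Maven metadata and flags versions in the range quoted above. The function names and the `make_jar` helper for building constructed sample archives are assumptions of this example, and only the 2.0-alpha1 to 2.16.0 range stated on this page is applied.

```python
import io
import re
import zipfile

# Maven metadata that a log4j-core JAR carries, even inside a fat JAR.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")
FIXED = (2, 17, 0)  # release the page names as fixing CVE-2021-45105


def parse_version(text):
    """Return (major, minor, patch) from '2.16.0' or '2.0-alpha1'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True for the range the page quotes: 2.0-alpha1 through 2.16.0."""
    return (2, 0, 0) <= parse_version(version) < FIXED


def scan_archive(data, name, depth=0, max_depth=5):
    """Yield (path, version, affected) for each log4j-core copy found,
    descending into nested archives up to max_depth levels."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive: nothing to report
    with zf:
        for entry in zf.namelist():
            if entry == POM:
                props = zf.read(entry).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    ver = m.group(1).strip()
                    yield name, ver, is_affected(ver)
            elif entry.lower().endswith(NESTED) and depth < max_depth:
                yield from scan_archive(zf.read(entry), f"{name}!/{entry}",
                                        depth + 1, max_depth)


def make_jar(files):
    """Build a constructed in-memory archive from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in files.items():
            zf.writestr(entry, content)
    return buf.getvalue()
```

Archives whose build step strips `META-INF/maven` metadata will not be reported by this check, so an empty result is not proof that the library is absent.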

The best option we have to correct these problems and avoid falling victim to cyber attacks of this type is to install the latest versions. In this case that means installing version 2.17.0 to correct this specific problem, but it is something we must apply in any circumstance. We must always have the latest updates to the operating system, browser or any program that we use.

Although connection problems may sometimes arise after an update, we must always verify that we have the latest versions available and that our devices are really protected, so that we can browse the web safely and make things as difficult as possible for hackers.