Hacker News
by marginalia_nu 1474 days ago
The difference with external dependencies is that they are in a sense independent from your code. The real devastating aspect with log4shell is that log4j couples and integrates itself with deployed code.

You can't just upgrade log4j without pushing a new release of your applications in the way you can, say, roll out an updated nginx or logrotate or kibana or whatever.
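
Added example, not part of the comment above: a defender-side inventory check that shows the coupling in practice by walking a deployable archive, including nested JARs, and reporting each bundled copy of log4j-core with the version recorded in its Maven metadata. The sample archive, its file names and the version string are constructed for illustration, and the function names are hypothetical.

```python
import io
import zipfile

# Maven metadata file that log4j-core ships inside its own JAR; shaded
# (uber) JARs usually keep it at this same path.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def find_log4j_core(data, path="", depth=0, max_depth=5):
    """Return [(location, version)] for each log4j-core copy in an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an archive, nothing to report
    hits = []
    with zf:
        for name in zf.namelist():
            if name == POM:
                version = "unknown"
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
                hits.append((path or "<top level>", version))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                # Recurse into bundled libraries (fat JAR / WAR layouts).
                nested = f"{path}!/{name}" if path else name
                hits += find_log4j_core(zf.read(name), nested, depth + 1, max_depth)
    return hits


def _zip(entries):
    """Build an in-memory ZIP from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_app():
    """Constructed sample: a fat JAR that bundles a stand-in log4j-core JAR."""
    lib = _zip({POM: "artifactId=log4j-core\nversion=0.0.0-SAMPLE\n"})
    return _zip({"BOOT-INF/classes/app.properties": "name=demo\n",
                 "BOOT-INF/lib/log4j-core-SAMPLE.jar": lib})


if __name__ == "__main__":
    for location, version in find_log4j_core(build_sample_app(), "app.jar"):
        print(f"log4j-core {version} bundled in {location}")
```

Each hit is an application artifact that has to be rebuilt and redeployed to change the bundled library, which is why a host-level package inventory alone does not surface these copies.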