When acquiring a logger for a particular Java class, it is common for the Java developer to use that very class to name the logger. In Log4j, this is typically done with a reference to the class ...

In this blog post, I look at Log4j ‘s overloaded Logger.log methods and java.util.logging ‘s overloaded Logger.log methods. The next example is a little contrived, but should suffice.

Amazon Web Services (AWS) has updated the 'detectors' in its CodeGuru Reviewer tool to seek out log injection flaws like the recently disclosed Log4Shell bug in the popular Java logging library Log4J.

Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.