What is Log4J and How did PaperCut Handle It?

By Andrew Bailey, PaperCut: First thing, if you haven’t patched some software for Log4shell yet… Do that now. I’ll wait.

Some context around security vulnerabilities

Bugs in commonly used software libraries (reusable packages of code that developers use to make things easier for themselves) are generally amongst the worst vulnerabilities that you can get.

For a couple of reasons. They affect lots of different software vendors and it’s pretty usual for those vendors to find out about the problem when it becomes public.

So patches aren’t usually immediately available for most software. This makes it a race between the software vendor to get fixes in place before attackers leverage it for widespread exploitation, i.e. everyone gets hacked.