I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way is through Maven to set up the Log4J dependency. I’m […]
The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]
Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, using these versions with our library through the SLF4J facade we use to […]
The latest Maverick Legacy 1.7.27 releases include a new concept called Managed Security. This update introduces several changes under the hood to ensure that usage of the APIs maintains the highest possible security whenever possible. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […]
With the release of OpenSSH 8.2 last week, the project announced that they would disable ssh-rsa signatures in a future version. I thought it would be paramount to update our API users on what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH has decided to […]