Media article
Chinese authorities suspend information-sharing partnership with Alibaba's cloud subsidiary
ããºãææ°ããŒã¯ 157
Twitter comments: 1 to 63 of 63
I wonder what the authorities were planning to do if they had learned of the log4j vulnerability first.
The authorities accuse it of failing to promptly report and address a cybersecurity vulnerability, state-affiliated media reported.
ã©ã£ã¡ããšãããšãèããããšã¬ãããäŒç€Ÿã¯èš±ããããšããæ¹ã倧ããããããïŒ
Seeing news like this, it seems beyond doubt that the Chinese government is sitting on a large stock of undisclosed vulnerabilities and using them heavily for intelligence gathering.
Punished just for reporting the Log4j2 vulnerability to the developer…
Well, thanks to them properly reporting it to the developer, the risk of Log4j2 being exploited further was probably reduced.
Regarding the Log4j2 vulnerability, they are apparently being punished because notifying the developer, Apache, before the Chinese government authorities went against the Chinese government's guidance. From the outside, it only looks like they were fully intent on exploiting it.
ããããã¯ðŠ
As expected, they don't seem to be on good terms.
They got the order of priority for who to report to wrong.
[Tip] Chinese government punishes Alibaba Cloud for reporting the log4j vulnerability to the OSS community before the government
Chinese authorities have ordered Alibaba to stop information sharing with its subsidiary Alibaba Cloud, because Alibaba Cloud did not report the vulnerability to the authorities.
è¿æ¯æ žå¿äžå¡èŠæšéæ³ïŒ
The last conscience is getting crushed…
Chinese people aside, the Chinese Communist Party can't be trusted.
Awful... Alibaba Cloud is completely the victim of an accident that wasn't its fault.
ããããŒããã ã£ãŠãããã©ã©ãŒã ã§ãã®äººãããããè匱æ§ãããïŒïŒIs it a security Vulnerability?ïŒãã£ãŠçªã£èŸŒãã ã ãããããžã§ããããèšè«çµ±å¶ãããã
That's tough…
A truly China-like response (reading the full text is recommended)
éåä¿¡éã
ã調åã«ä¹ãããã£ãŠããå æžã«ããŒãã
ãŒãã«ãªããããããšãããã£ãŠã
ã£ãŠèšããã€
Is it a sense of "you should have reported to the Chinese authorities first," or is it a matter of saving face?
Poor Alibaba, I feel so sorry for them…
åæåäžè¶³ããªïŒ
ãªãã§ããããããŠåããã
It's no good to punish the company that found it before anyone else.
If they do this, then from now on anyone who finds a bug will just go "let's pretend I didn't see it," and the damage will end up even bigger…
æåŸã®ç Šã¢ãªããã¯ã©ãŠããã
ð¥
ã¢ãªããæ ªã¯å²å®ãå²å®ãäžãããè²·ãå¢ããè²·ãå¢ãã£ãŠèšã£ãŠããã€ãã¿ãŒã®äººãã¡ããã£ããäžããŠãããŠãã®ã«ãã€ãããŸãã£ãŠã人ã»ã©ãè²·ãå¢ãããŠãžããã£ããããããããªãããã(ç¬)
æ¿åºãšã®æ
å ±å
±æææºãšã¯ããã
Alibaba did exactly what it was supposed to do, yet it is being punished for not reporting to the Chinese government. That's awful.
Alibaba
ç¿è¿å¹³æ°ãžæé 瀺ãèš±ããããã®ã¢ãªãã
ããããã骚ã®é«ãŸã§
ã°ãã°ã芪äžãã€ãã³æ°ã«ä»£ãã£ãŠèªã培åºãä»çœ®ãã
Private companies → state-owned companies
2021.12.22
The Chinese government
Quote: "The authorities accuse it of failing to promptly report and address a cybersecurity vulnerability, state-affiliated media reported."
åçŽã«äžåœæããããšåãæ¢ããã¹ãããé¿éé²äœ¿ã£ãŠã€ã€ãããšåãæ¢ããã¹ãããå ±éãšããŠã¯äžåœæããããšäŒããŠãæã ãããã©ã³ã¹åã£ãŠãã ããªãã ãããªã
Did the government get angry because they disclosed an exploitable vulnerability?
"The Ministry of Industry and Information Technology said in a notice last week that the vulnerability could lead to remote control of devices, which could in turn lead to serious damage such as theft of confidential information or device service outages, calling it a 'high-risk vulnerability.'"
This time it's Alibaba Cloud's turn to take a beating.
Alibaba is down 3.95% (daily chart).
The Chinese government, furious that the log4j vulnerability was reported to the US-based developer…
ãããã«ããèšäºãããª
Mixing full-width and half-width alphabet characters feels intensely off. I thought it was a bad habit unique to Japanese newspaper companies, but that wasn't the case.
ãèªåçšã¡ã¢ã
ãé¿éé²ã¯æè¿ããïœïœïœïœïœ
ïœïœïŒïœïŒãã³ã³ããŒãã³ãã«ãªã¢ãŒãã³ãŒãå®è¡ã®è匱æ§ãçºèŠããç±³åœã®ãApache Software Foundationãã«éç¥ãã>>
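Exactly a case of "there are companies in China that can do the right thing, but those companies cannot survive in China." I respect the person who reported it. "Alibaba Cloud discovered the Log4j vulnerability and notified the Apache Software Foundation. The ministry later received a report of the problem."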
Chinese authorities suspend information-sharing partnership with Alibaba subsidiary
It would have been a wonderful means of attack for the military, yet they never got to use it, so maybe that's why they got angry.
It's scary that reporting to your own government and reporting to the developer appear to be mutually exclusive (this time they chose the latter and seem to have been sanctioned for it)
So Alibaba's engineer just happened to be a decent person, or else didn't know how the system works.
"The ministry reportedly later received a report on this problem from a third party rather than from Alibaba Cloud." I don't think the issue is who was told first (just my guess).
åœå±ãã¡ã£ããªãã§ãããªçŸå³ãããã°ãçã£å
ã«æãããŒã®ïŒ ãåãããªïŒã
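I had assumed they would report to the Chinese authorities first and notify the developer only after the agency in charge had finished extracting information, but Alibaba was a good-faith third party, so I have changed my view. No idea about the future, though.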
w
This is honestly too funny.
And it was such a rare chance, too (for what?
So that's how it turns out…
I don't know how extensive the cooperative partnership between the Ministry of Industry and Information Technology and Alibaba is, but
> received a report on this problem from a third party rather than from Alibaba Cloud
Looks like a case where the official in charge was embarrassed and lost face.
æ¬è³ªã§ã¯ãªããã©ïŒãïœïœïœïœïœ
ïœïœïŒïœïŒããšããïœïœïœããšãå
šè§ã§èªã¿ã«ãããŠä»æ¹ããªããã ãã©ïŒèšè¿°äžã®ã«ãŒã«ãããã®ïŒ
ãApache Software Foundationãã¯åè§ãªã®ã«...
Hmm, if it had been reported to the Chinese authorities first, the authorities could have used it to extract information from around the world. Aren't there others as well?
Because it reported the vulnerability to the Apache Software Foundation before the Chinese authorities, "the authorities accuse it of failing to promptly report and address a cybersecurity vulnerability, state-affiliated media reported," huh…
"The Chinese government is asking state-owned enterprises to migrate their data by next year from private operators such as Alibaba and Tencent Holdings to state-backed cloud systems."!
Could it be that this was a backdoor that merely looked like a vulnerability?
"Why did you disclose it before telling the government?! You blew our chance to put 3 billion devices under our country's control!" is what it amounts to, I suppose…… (-_-;)
At last, dark clouds over $baba's cloud…
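I don't know whether the Chinese government intends to cut itself off from private operators and overseas communities and maintain cybersecurity through, say, intelligence activities coordinated with Russia, but I applaud the Alibaba engineers who put the community first.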
I wonder if there are a lot of capable people at the MIIT (Japan's METI?).
That Alibaba Cloud discovered the remote code execution vulnerability in the log4j2 component and notified the US-based "Apache Software Foundation" strikes me as a wonderful decision. Had they contacted the authorities first, I wonder what the outcome would have been.
Real estate, IT, education
Which will be the next target?
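China's Ministry of Industry and Information Technology pointed out that "the vulnerability could lead to remote control of devices, which could in turn lead to serious damage such as theft of confidential information or device service outages," calling it a "high-risk vulnerability."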
ãããã
äžåœåœå±ãã¢ãªãããä¿¡çšããªãã£ããã ãã
So which one are we supposed to trust?? ww
ãã£ã£ã£ã
The Chinese government is asking state-owned enterprises to migrate their data by next year from private operators such as Alibaba and Tencent Holdings to state-backed cloud systems, or so I hear.