Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise

The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.

January 4, 2022

2 Min Read

PRESS RELEASE

TEL AVIV, Israel and BOSTON, Jan. 4, 2022 /PRNewswire/ -- WhiteSource, a leader in open source security and management, today announced that a Log4j remediation preset is now included in both its commercial product and free GitHub developer tool. This preset allows enterprises to find and automatically fix both direct and indirect Log4j dependencies, which is something that no other security vendor is currently providing. In addition, a new online resource center has been made available by the company, to provide Log4j remediation and secure coding best practices.

Since the Log4Shell vulnerability was first published by the national vulnerability database (NVD) on Dec 12th, 2021, two additional vulnerabilities were found in the popular Java logging framework, Log4j. Our research shows that Log4j has been used in over 52% of applications used across top 2000 organizations in the software development industry.

While additional vulnerabilities may still be found, the new versions of Log4j resolve all known vulnerabilities. However, many packages in the Maven and Gradle ecosystems use Log4j, so remediating it requires more than just upgrading Log4j in direct dependencies — it may also require upgrading multiple indirect dependencies. The new remediation preset by WhiteSource helps to address the challenge faced by security teams in updating indirect (transitive) dependencies.

"As news of new Log4j exploits emerge daily, it's crucial for developers using Log4j to quickly and proactively update Log4j to a secure version," said Rhys Arkins, Director of Product Management at WhiteSource. "WhiteSource Renovate combined with Merge Confidence helps developers support that strategy."

Click here to visit the WhiteSource Log4j Resource Center >>

About WhiteSource

WhiteSource helps organizations accelerate‌ the development of secure software ‌at‌ ‌scale‌. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events