{"id":65782,"date":"2021-12-20T17:41:07","date_gmt":"2021-12-20T14:41:07","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=65782"},"modified":"2021-12-20T18:55:34","modified_gmt":"2021-12-20T15:55:34","slug":"cloud-foundry-advisory-board-call-dec-2021-the-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/cloud-foundry-advisory-board-call-dec-2021-the-log4j-vulnerability\/","title":{"rendered":"Cloud Foundry Advisory Board Call, Dec 2021: The Log4j Vulnerability"},"content":{"rendered":"<p>The final Cloud Foundry Community Advisory Board (<a href=\"https:\/\/www.altoros.com\/blog\/tag\/cab\/\">CAB<\/a>) meeting for 2021 featured a few updates from the foundation and an overview of the recent <a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\" rel=\"noopener noreferrer\" target=\"_blank\">Log4j vulnerability<\/a>. The call was moderated by <a href=\"https:\/\/www.linkedin.com\/in\/ramanujank\/\" rel=\"noopener noreferrer\" target=\"_blank\">Ram Iyengar<\/a> from the CF Foundation.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Log4js_exposure_to_data_leak\"><\/span>Log4j&#8217;s exposure to data leak<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On Friday, December 10, 2021, a critical vulnerability in Apache Log4j identified by <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2021-44228<\/a> was publicly disclosed. Log4j is a library that is widely adopted as a logging framework for Java. 
Log4j versions prior to 2.16.0 were subject to a remote code execution vulnerability via the LDAP JNDI parser, resulting in information leaks and remote code execution in some environments and local code execution in all environments.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/CAB-Cloud-Foundry-Advisory-Board-December-2021-log4j-security-vulnerability-govcert.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/CAB-Cloud-Foundry-Advisory-Board-December-2021-log4j-security-vulnerability-govcert-1024x692.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-65812\" \/><\/a><small>Mitigating the Log4j vulnerability (<a href=\"https:\/\/www.govcert.admin.ch\/blog\/zero-day-exploit-targeting-popular-java-library-log4j\/\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>According to Ram, the <a href=\"https:\/\/github.com\/cloudfoundry\/community\/blob\/main\/toc\/working-groups\/vulnerability-management.md\" rel=\"noopener noreferrer\" target=\"_blank\">Vulnerability Management<\/a> working group (WG) was able to quickly identify six points of vulnerability affecting Cloud Foundry products. 
These include:<\/p>\n<ul>\n<li>UAA<\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/credhub-discussed-at-the-initial-cloud-foundry-extensions-meeting\/\">CredHub<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-advisory-board-meeting-mar-2020-cf4k8s-demo\/\">cf-for-k8s<\/a><\/li>\n<li>cf-deployment<\/li>\n<li>PHP buildpack<\/li>\n<li>Java buildpack<\/li>\n<\/ul>\n<p>To mitigate the vulnerability, the Foundation <a href=\"https:\/\/www.cloudfoundry.org\/blog\/log4j-vulnerability-cve-2021-44228-impact-on-cloud-foundry-products\/\" rel=\"noopener noreferrer\" target=\"_blank\">recommends<\/a> upgrading the following releases:<\/p>\n<ul>\n<li>UAA to 75.12.0 or higher<\/li>\n<li>CredHub to 2.11.0 or higher<\/li>\n<li>cf-for-k8s to 5.4.1 or higher<\/li>\n<li>cf-deployment to 17.1.0 or higher<\/li>\n<li>PHP buildpack to 4.4.53 or higher<\/li>\n<li>Java buildpack to 4.45 or higher<\/li>\n<\/ul>\n<p>Some members of the community shared their experiences dealing with the vulnerability right after it was initially disclosed on December 10. <a href=\"https:\/\/www.linkedin.com\/in\/pburkholder\/\" rel=\"noopener noreferrer\" target=\"_blank\">Peter Burkholder<\/a> of GSA&#8217;s Cloud.gov appreciated the rate of patches addressing the security issue.<\/p>\n<div id=\"attachment_65784\" style=\"width: 160px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/Peter-Burkholder.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-65784\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/Peter-Burkholder-150x150.jpg\" alt=\"\" width=\"150\" height=\"150\" class=\"size-thumbnail wp-image-65784\" \/><\/a><p id=\"caption-attachment-65784\" class=\"wp-caption-text\"><small>Peter Burkholder<\/small><\/p><\/div>\n<blockquote><p>&#8220;I first heard about this on Friday morning, US East Coast Time. 
Even though I had no evidence that we were being attacked, we immediately declared a potential incident, since we knew that UAA, CredHub, and some other components we run might be vulnerable. It was gratifying that we had tools within our deployment process to use as operators to set the initial property value that you could pass to JVMs&#8230;we were able to get ourselves to a pretty good position before the end of the day. We&#8217;re just very pleased with the speed of which the patches have come out of the community, and the attention you have all paid to it.&#8221; \u2014Peter Burkholder, GSA (Cloud.gov)<\/p><\/blockquote>\n<p>Since the Log4j vulnerability linked to the PHP buildpack only affected deployments running <a href=\"https:\/\/docs.appdynamics.com\/display\/PAA\/Security+Advisory%3A+Apache+Log4j+Vulnerability\" rel=\"noopener noreferrer\" target=\"_blank\">AppDynamics<\/a>, <a href=\"https:\/\/www.linkedin.com\/in\/bretmogilefsky\/\" rel=\"noopener noreferrer\" target=\"_blank\">Bret Mogilefsky<\/a> of GSA&#8217;s Technology Transformation Services (TTS) suggested that future <a href=\"https:\/\/www.cloudfoundry.org\/blog\/log4j-vulnerability-cve-2021-44228-impact-on-cloud-foundry-products\/\" rel=\"noopener noreferrer\" target=\"_blank\">security updates<\/a> from the CF Foundation should be more explicit to avoid confusion. &#8220;I do have PHP applications that were not on my radar at all as being affected,&#8221; he explained. 
&#8220;When I saw that PHP buildpack was affected, I went into high alert thinking I was affected.&#8221;<\/p>\n<div id=\"attachment_65811\" style=\"width: 160px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/Bret-Mogilefsky-TTS.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-65811\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/12\/Bret-Mogilefsky-TTS-150x150.jpg\" alt=\"\" width=\"150\" height=\"150\" class=\"size-thumbnail wp-image-65811\" \/><\/a><p id=\"caption-attachment-65811\" class=\"wp-caption-text\"><small>Bret Mogilefsky<\/small><\/p><\/div>\n<blockquote><p>&#8220;One thing that could help when releasing updates for things like that, be explicit about what might put you into a category to be susceptible to the vulnerability&#8230;The release notes for remediation should say we&#8217;ve remediated the vulnerability for Log4j, but also this is how you can tell if your applications were affected, because in this case, it was an optional piece of code that was not invoked, unless you have an AppDynamics service available, deployed, and bound to the platform.&#8221; \u2014Bret Mogilefsky, GSA (TTS)<\/p><\/blockquote>\n<p>Peter also shared a tweet that may provide VMware Tanzu operators with a quick method to mitigate the security vulnerability while running Log4j versions 2.10 and above.<\/p>\n<p><center><\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">For all <a href=\"https:\/\/twitter.com\/VMwareTanzu?ref_src=twsrc%5Etfw\">@VMwareTanzu<\/a> Applications Services Operators, regarding <a href=\"https:\/\/twitter.com\/hashtag\/log4j?src=hash&amp;ref_src=twsrc%5Etfw\">#log4j<\/a> CVE-2021-44228 there is a possible global mitigation:<br \/>cf srevg '{\"LOG4J_FORMAT_MSG_NO_LOOKUPS\":\"true\"}'<br \/>cf restart &lt;app-name&gt; --strategy rolling<\/p>\n<p>thanks to <a 
href=\"https:\/\/twitter.com\/VMwareTanzu?ref_src=twsrc%5Etfw\">@VMwareTanzu<\/a> Vanguards<\/p>\n<p>&mdash; J\u00fcrgen Sussner (@JSussner) <a href=\"https:\/\/twitter.com\/JSussner\/status\/1469670880573898758?ref_src=twsrc%5Etfw\">December 11, 2021<\/a><\/p><\/blockquote>\n<p><\/center><\/p>\n<p>Anyone interested in the ongoing development regarding the Log4j security vulnerability can check out the details via Apache&#8217;s <a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\" rel=\"noopener noreferrer\" target=\"_blank\">website<\/a>.<\/p>\n<p><small><a href=\"https:\/\/github.com\/apache\/logging-log4j2\" rel=\"noopener noreferrer\" target=\"_blank\">Log4j&#8217;s GitHub<\/a><\/small><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Foundation_updates\"><\/span>Foundation updates<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With the ongoing initiative to adopt <a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-advisory-board-call-nov-2021-working-groups-update\/\">working groups<\/a>, the Community Management WG has been changed to <a href=\"https:\/\/github.com\/cloudfoundry\/community\/blob\/main\/toc\/working-groups\/service-management.md\" rel=\"noopener noreferrer\" target=\"_blank\">Service Management<\/a>. 
The new working group aims to provide interfaces for the service life cycle within application platforms and adapters to common external service providers.<\/p>\n<div id=\"attachment_55412\" style=\"width: 160px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/07\/Ram-Iyengar.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-55412\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/07\/Ram-Iyengar-150x150.jpg\" alt=\"\" width=\"150\" class=\"size-thumbnail wp-image-55412\" \/><\/a><p id=\"caption-attachment-55412\" class=\"wp-caption-text\"><small>Ram Iyengar<\/small><\/p><\/div>\n<p>During the call, Ram noted a push from the community for all working groups to adopt an open roadmap to provide even more transparency.<\/p>\n<blockquote><p>&#8220;Going forward, everybody can start consuming and contributing to the roadmap of each of the different working groups and have more of a say in steering the way working groups are putting out solutions in general.&#8221; <\/p>\n<p>\u2014Ram Iyengar, Cloud Foundry Foundation<\/p><\/blockquote>\n<p>The first CAB call for next year is tentatively scheduled for January 19, 2022, at 11 a.m. ET \/ 8 a.m. PT. Anyone interested in participating can join Cloud Foundry\u2019s <a href=\"https:\/\/cloudfoundry.slack.com\/messages\/C0JC2JB0W\/\" rel=\"noopener noreferrer\" target=\"_blank\">CAB<\/a> Slack channel.<\/p>\n<hr\/>\n<p><center><small>This blog post was written by <a href=\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\">Carlo Gutierrez<\/a> and edited by <a href=\"https:\/\/www.altoros.com\/blog\/author\/sophie.turol\/\">Sophia Turol<\/a>.<\/small><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The final Cloud Foundry Community Advisory Board (CAB) meeting for 2021 featured a few updates from the foundation and an overview of the recent Log4j vulnerability. 
The call was moderated by Ram Iyengar from the CF Foundation.<\/p>\n<p>&nbsp;<\/p>\n<p>Log4j&#8217;s exposure to data leak<\/p>\n<p>On Friday, December 10, 2021, a critical vulnerability in Apache [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":65813,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[618,873,912,206],"class_list":["post-65782","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cab","tag-cloud-native","tag-kubernetes","tag-oss-cloud-foundry"],"acf":[]}