According to GreyNoise, a company that analyzes “Internet background noise”, there are around 100 hosts actively scanning for servers with the aforementioned vulnerability.
GreyNoise is detecting a sharply increasing number of hosts opportunistically exploiting Apache Log4J CVE-2021-44228. Exploitation occurring from ~100 distinct hosts, almost all of which are Tor exit nodes. Tags available to all users and customers now. https://t.co/JF3tUkpIrqpic.twitter.com/CTMi0IWQ5j
To check whether your server got scanned, you may verify your visitors by checking this GitHub gist. These IPs, however, are IPs of Tor exit nodes; therefore it will be getting longer.
Luckily, the way to patch the vulnerability is simple. As Cloudflare explained it:
1. Upgrade to Log4j v2.15.0
2. If you are using Log4j v2.10 or above, and cannot upgrade, then set the property:
Additionally, an environment variable can be set for these same affected versions:
3. Or remove the JndiLookup class from the classpath. For example, you can run a command like
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class to remove the class from the log4j-core.
React’s Automatic Optimizations
React is a bit of a “you have to do everything yourself” UI library. Without explicit optimizations, such as memoization, it performs rather poorly, unnecessarily running a lot of code over, and over. Having to keep in mind this, and some other React-specific optimizations, can be a bit of a pickle.
Engineers at Meta seemed to have noticed that, and have showcased a tool to make React perform much better without all the mental overhead for developers. The solution is an automatic compiler, that performs memoization for you, automatically. For a demo, watch the video below.
The leak happened between September and November 2021; however, the news about it only surfaced last week. The company promised to do better in the future.
Tailwind CSS 3.0
Tailwind CSS, one of the web developers’ favorite tool for creating beautiful UI components, is getting a new major release. There are some improvements both making the developers’ lives easier, with some new features bringing new capabilities on board.
“Just-in-Time, all the time.” Faster build times, for the CSS framework. The JIT engine was optional until now, when it’s the only option available. It is also available as a script that one can get from the CDN, and run it in the browser
The styling of form elements without spending much time or effort
The introduction of RTL and LTR modifiers. Essential for complete control when building multi-directional websites.
“Touch-action” utilities for controlling how a user can zoom in, and scroll on devices with a touch screen
For the full list of features in the new release, take a look at the documentation.
360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.