This article has been indexed from DZone Security Zone
Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first, I didn’t want to write about it, but I’ve received requests to do so, and I couldn’t walk away.
Hey @nicolas_frankel, isn’t the #Log4j-Exploit the perfect argument against deprecation of the Java SecurityManager?!
Read the original article: You’re Running Untrusted Code!
