Skip to content

Commit

Permalink
Add links to other blog posts and update phrasing
Browse files Browse the repository at this point in the history
  • Loading branch information
freeqaz committed Dec 16, 2021
1 parent 7a305f7 commit bdeb637
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 7 deletions.
11 changes: 8 additions & 3 deletions docs/blog/2021-12-09-log4j-zero-day.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -243,10 +243,14 @@ for testing.

## More information

You can follow us on [Twitter](https://twitter.com/LunaSecIO) where we'll continue to update you as information about the impact of this exploit becomes available.
You can follow us on [Twitter](https://twitter.com/LunaSecIO), or subscribe below, and we'll continue to update you as
information about the impact of this exploit becomes available.

For now, we're just publishing this to help raise awareness and get people patching it. Please tell any of your friends
running Java software!
We have published a series of posts about Log4Shell on our blog that you might be interested in:
- **[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/)**,
- **[Explanation of the 2nd Log4j CVE](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)**,
- **[Part 1: Log4Shell Live Patch (Background Context)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**,
- **[Part 2: Log4Shell Live Patch (Technical Deep-Dive)](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/)**

### Limit your vulnerability to future attacks

Expand Down Expand Up @@ -291,6 +295,7 @@ methods are still prevalent.
14. Added link to 2nd CVE.
15. Updated contact information.
16. Updated original twitter link from @P0rZ9 as the original tweet was deleted. Changed from `https://twitter.com/P0rZ9/status/1468949890571337731` to `https://web.archive.org/web/20211209230040/https://twitter.com/P0rZ9/status/1468949890571337731`
17. Added links to other blog posts.

### Editing this post

Expand Down
15 changes: 12 additions & 3 deletions docs/blog/2021-12-12-log4j-zero-day-mitigation-guide.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -316,9 +316,9 @@ We've published articles about this exploit that you can use to learn more about
${jndi:ldap://patch.log4shell.com:1389/a}
```

Just simply paste that anywhere into your server where you're vulnerable, and it will patch you against future
exploitation. (For example, in the `main` function when you start up your server, or a known vulnerable field if it's
a vendor product you depend on.)
Using this will patch your server against future exploitation _until it restarts_. Just simply paste that anywhere into
your server where you're vulnerable to use it. For example, in the `main` function when you start up your server, or a known
vulnerable field if it's a vendor product you depend on.

We have added this functionality to the [latest release](https://github.com/lunasec-io/lunasec/releases) of our
Log4Shell CLI tool if you'd prefer to run the server yourself instead.
Expand Down Expand Up @@ -444,6 +444,14 @@ import ContactForm from '../src/components/ContactForm.jsx'

<ContactForm/>

### Additional Information

We have published a series of posts about Log4Shell on our blog that you might be interested in:
- **[Original Log4Shell Announcement](https://www.lunasec.io/docs/blog/log4j-zero-day/)**,
- **[Explanation of the 2nd Log4j CVE](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)**,
- **[Part 1: Log4Shell Live Patch (Background Context)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**,
- **[Part 2: Log4Shell Live Patch (Technical Deep-Dive)](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/)**

#### Limited Offer: Free Security Assistance

We're also currently offering a free 30-minute consultation with one of our Security Engineers. If you're interested,
Expand Down Expand Up @@ -482,3 +490,4 @@ If you would like to contribute, or notice any errors, this post is an Open Sour
6. Added link to 2nd CVE info.
7. Added info about hot patching, and links to new releases.
8. Update info about patching strategies.
9. Added links to other blog posts.
11 changes: 10 additions & 1 deletion docs/blog/2021-12-14-log4j-zero-day-update-on-CVE-2021-45046.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,14 @@ import ContactForm from '../src/components/ContactForm.jsx'

<ContactForm/>

## Additional Information

We have published a series of posts about Log4Shell on our blog that you might be interested in:
- **[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/)**,
- **[Original Log4Shell Announcement](https://www.lunasec.io/docs/blog/log4j-zero-day/)**,
- **[Part 1: Log4Shell Live Patch (Background Context)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**,
- **[Part 2: Log4Shell Live Patch (Technical Deep-Dive)](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/)**

## Limited Offer: Free Security Assistance

We're also currently offering a free 30-minute consultation with one of our Security Engineers. If you're interested,
Expand All @@ -226,4 +234,5 @@ If you would like to contribute, or notice any errors, this post is an Open Sour
:::

1. Updated 12/15/21: Updated "Conditions for the Vulnerability" section from "upgrade to `2.16.0`" to "upgrade to `>= 2.15.0`", see [this GitHub issue](https://github.com/lunasec-io/lunasec/issues/316)
2. Updated 12/15/21: Updated all instances of `noFormatMsgLookup` to be the correct `formatMsgNoLookups`, see [this GitHub issue](https://github.com/lunasec-io/lunasec/issues/317)
2. Updated 12/15/21: Updated all instances of `noFormatMsgLookup` to be the correct `formatMsgNoLookups`, see [this GitHub issue](https://github.com/lunasec-io/lunasec/issues/317)
3. Updated 12/16/21: Added links to other blog posts.
9 changes: 9 additions & 0 deletions docs/blog/2021-12-15-log4shell-live-patch.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,14 @@ import ContactForm from '../src/components/ContactForm.jsx'

<ContactForm/>

## More Information

We have published a series of posts about Log4Shell on our blog that you might be interested in:
- **[Part 2: Log4Shell Live Patch (Technical Deep-Dive)](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/)**,
- **[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/)**,
- **[Original Log4Shell Announcement](https://www.lunasec.io/docs/blog/log4j-zero-day/)**,
- **[Explanation of the 2nd Log4j CVE](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)**

## Limited Offer: Free Security Assistance

We're also currently offering a free 30-minute consultation with one of our Security Engineers. If you're interested,
Expand All @@ -222,3 +230,4 @@ If you would like to contribute, or notice any errors, this post is an Open Sour
[GitHub](https://github.com/lunasec-io/lunasec/blob/master/docs/blog/2021-12-15-log4shell-live-patch.mdx).
:::

1. Added links to other blog posts.
8 changes: 8 additions & 0 deletions docs/blog/2021-12-17-log4shell-live-patch-technical.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,14 @@ import ContactForm from '../src/components/ContactForm.jsx'

<ContactForm/>

## More Information

We have published a series of posts about Log4Shell on our blog that you might be interested in:
- **[Part 1: Log4Shell Live Patch (Background Context)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**,
- **[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/)**,
- **[Original Log4Shell Announcement](https://www.lunasec.io/docs/blog/log4j-zero-day/)**,
- **[Explanation of the 2nd Log4j CVE](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)**

## Limited Offer: Free Security Assistance

We're also currently offering a free 30-minute consultation with one of our Security Engineers. If you're interested,
Expand Down

0 comments on commit bdeb637

Please sign in to comment.