Open source hotpatch for Apache Log4j vulnerability
At Amazon Web Services (AWS), security remains our priority. As we addressed the Apache Log4j vulnerability this weekend, I'm pleased to note that we created and released a hotpatch as an interim mitigation step. This tool may help you mitigate the risk when updating isn't immediately possible.
It's important that you review, patch, or mitigate this vulnerability as soon as you possibly can. We still advise that you upgrade Log4j to version 2.15 as a mitigation, but we realize that may take some time, depending on your resources. To take immediate action, we advise that you implement this newly created tool to hotpatch your Log4j deployments. A huge thanks to the Amazon Corretto team for spending days, nights, and the weekend to write, harden, and ship this code. This tool is available now at GitHub.
Caveats
As with all open source software, you're using this at your own risk. Note that the hotpatch has been tested with JDK8 and JDK11 on Linux. On JDK17, only the static agent mode works. A complete list of caveats is available in the README.