New Zero-Day In the Log4j Java Library Is Already Being Exploited





BeauHD posted from the time-to-update dept. on Friday December 10, 2011.

A zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and allows attackers to gain full control of affected servers. The vulnerability is severe: it allows unauthenticated remote code execution, with the privileges of the user running the application, in any application that uses the Java logging library. It's being exploited in the wild, warns CERT New Zealand. Users and administrators are urged to apply the recommended mitigations immediately in order to address these critical vulnerabilities. Many services and applications written in Java are affected: Apache Log4j versions 2.0 through 2.14.1 are vulnerable. Researchers warn that cloud applications are also vulnerable, after the flaw was first discovered in Minecraft. The library is used in enterprise applications, and it's likely that many products will turn out to be vulnerable as more is learned about the flaw. Slashdot reader alfabravoteam shared an excerpt from a LunaSec post warning that anyone using Apache Struts is likely vulnerable. The impact of this vulnerability is quite severe, given how easy it is to exploit and how ubiquitous this library is. We're calling it "Log4Shell" because it isn't as memorable. The 0-day was posted along with a PoC.

Many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have been found to be vulnerable. Apache Struts is vulnerable. We've seen similar vulnerabilities exploited before. Paper, a project from the Open Source community, has begun patching their usage of log4j.
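The first step for administrators is finding out which deployed jars fall in the affected 2.0 through 2.14.1 range. The following inventory check is an added example, not code from the article or from LunaSec; it assumes the standard Maven layout in which log4j-core ships a `pom.properties` file inside the jar (path given below) recording its version.

```python
"""Inventory check for the Log4Shell-affected Log4j 2 range (2.0 through 2.14.1).

Added example: walks a directory tree, opens each .jar as a zip archive,
reads the Maven pom.properties that log4j-core ships with, and flags
versions inside the affected range stated in the article.
"""
import os
import re
import zipfile

# Assumed path: standard Maven metadata location inside log4j-core jars.
POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(version: str) -> tuple:
    # Turn "2.14.1" into (2, 14, 1); qualifiers such as "-beta9" are ignored.
    nums = re.findall(r"\d+", version.split("-")[0])
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))


def is_affected_version(version: str) -> bool:
    # Affected range per the article: Log4j 2.0 up to and including 2.14.1.
    return (2, 0, 0) <= parse_version(version) <= (2, 14, 1)


def log4j_core_version(jar_path: str):
    # Return the log4j-core version recorded in the jar, or None if absent.
    try:
        with zipfile.ZipFile(jar_path) as zf, zf.open(POM_PATH) as f:
            for line in f.read().decode("utf-8", "replace").splitlines():
                key, _, value = line.partition("=")
                if key.strip() == "version":
                    return value.strip()
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    return None


def scan_jars(root: str) -> list:
    # Return (path, version) pairs for jars whose version is in the range.
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = log4j_core_version(path)
                if version and is_affected_version(version):
                    findings.append((path, version))
    return findings


if __name__ == "__main__":
    import sys
    for path, version in scan_jars(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED {version}: {path}")
```

Jars that bundle log4j-core classes without Maven metadata (shaded or fat jars) are not detected by this check and need a class-level scan instead.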
