This Week in JBoss - 20 December 2021

Hello! With a bit of delay, here is our very last editorial of the year! Sadly, it focus point has to be the log4j vulnerability,but we also ensured there was some interesting and exciting news too. Enjoy and happy holidays!

log4j Security vulnerabilities

Sadly, we have to start our editorial with a less-than-ideal piece of news. In case, you somehow missed, be aware that some vulnerabilities have been found in Log4J. Being one of the most used Java library, it is a rather critical issue. Please take look at this article to know How to fix Log4j CVE-2021-44228.

Some other projects from the JBoss community may also have been impacted. Please check any project you are currently using and see if, like KIE or InfiniSpan, they have provided information on the impact of the vulnerability.

Note that, on the bright side, Quarkus is not affected by the Log4J Vulnerability.

Security concern

With the nasty security vulnereablity on log4j, it’s certainly time to look at some new security features coming in either Elytron or Wildly (or both):


Always on top of the latest new feature, Quarkus offers you to Explore Java 17 language features with Quarkus! If you already hook to Quarkus and love how it allows you to deploy native executables, you’ll probably be interested by this article on Compressing native executables with UPX

Releases, releases, releases…​

As always, the JBoss community has been quite actived and released quite a lot:

That’s all for today! Please join us again next year for another round of our JBoss editorial!

Romain Pelisse