Critical Apache Log4j2 Remote Code Execution Vulnerability: Risks and Fixes
Google delays its office‑return plan and grants US staff a $1,600 bonus, while a severe Apache Log4j2 remote‑code‑execution flaw affecting many Java projects is disclosed with mitigation steps, and IntelliJ IDEA introduces built‑in audio‑video chat for collaborative coding.
Google postpones office‑return plan and issues employee bonus
According to Reuters, Google will delay its return‑to‑office schedule and will give all U.S. employees a one‑time cash bonus of $1,600 (or equivalent), including long‑term staff and interns. The bonus is part of additional benefits such as home‑office allowances, though the total amount allocated for pandemic‑related support was not disclosed.
Critical Apache Log4j2 remote code execution vulnerability
Apache Log4j2, a widely used Java logging framework, received an emergency security update on December 9 to fix a remote code execution (RCE) vulnerability. The flaw is exploitable without any special configuration: an attacker sends malicious requests that trigger recursive lookups. Components that rely on Log4j2, such as Apache Struts2, Solr, Druid, and Flink, are affected. The vulnerability is rated as severe.
Impacted versions include all 2.x releases; even the pre‑release 2.15.0‑rc1 is vulnerable.
Proof‑of‑concept and exploit code have been publicly released, and numerous attacks have been observed. The research institute “Ang Kai Pan Shi” has reproduced the issue.
Mitigation and recommendations
Upgrade Apache Log4j2 to the latest safe version 2.15.0‑rc2.
Update affected applications and components such as spring‑boot‑starter‑log4j2, Apache Struts2, Solr, Druid, and Flink.
Temporary work‑arounds:
Set the JVM parameter -Dlog4j2.formatMsgNoLookups=true.
Set the system environment variable FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS=true.
Disable external network connections for the application.
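To decide which deployments need the upgrade, the following added example (not from the original article or the Log4j project) scans a JAR or WAR, including jars nested inside it, for log4j-core's Maven pom.properties and classifies the version against the ranges stated above. It assumes unshaded jars that keep their Maven metadata; the status labels, function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata kept inside unshaded log4j-core jars (assumption: not stripped).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear", ".zip")

def classify(version):
    """Map a log4j-core version string onto the ranges the article gives."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return "unknown"
    major, minor, patch = (int(g or 0) for g in m.groups())
    if major != 2:
        return "outside-2.x"
    if (minor, patch) < (15, 0):
        return "affected"
    # Assumption: a bare "2.15.0" string may not tell rc1 from rc2, so flag it.
    return "verify-rc2" if (minor, patch) == (15, 0) else "newer"

def scan_archive(data, path="<archive>", depth=0, max_depth=5):
    """Return [(location, version, status)] per log4j-core copy, nested jars included."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                text = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", text, re.M)
                version = m.group(1).strip() if m else "?"
                hits.append((path, version, classify(version)))
            elif name.lower().endswith(NESTED) and depth < max_depth:
                hits += scan_archive(zf.read(name), f"{path}!/{name}", depth + 1)
    return hits

def make_zip(entries):  # {name: bytes} -> archive bytes; used for the sample only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a fat jar bundling a jar that declares log4j-core 2.14.1.
SAMPLE = make_zip({"BOOT-INF/lib/log4j-core-2.14.1.jar":
                   make_zip({POM_PROPS: b"artifactId=log4j-core\nversion=2.14.1\n"})})
print(scan_archive(SAMPLE, "app.jar"))
```

For a real file, pass `open(path, "rb").read()` as `data`; copies repackaged without Maven metadata will not be reported and need a separate check.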
IntelliJ IDEA adds built‑in audio‑video chat
IntelliJ IDEA now supports real‑time audio and video communication through the “Code With Me” plugin, enabling developers to start calls directly within the IDE. This feature is suitable for one‑on‑one meetings, small group sessions, pair programming, and collaborative debugging.
The functionality is currently in the Early Access Program, and interested users can test it.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
