Log4j 2.17 is out for vulnerabilities discovered in 2.16

I was not satisfied with other contents out there. The moment I noticed your video I was sure before watching that now I am going to get 101% correct understanding as usual. Thanks a lot Koushik!

You have superpower of explaining difficult things in easy words. Nicely explained that companies don't value for free open source stuff ( that reminds me we don't thank you enough for making such great free content 😊). Maybe 2nd version of this video would be (we always ask for more 😊). 1. Live example showing same vulnerability in action. 2. How exactly this issue is fixed. i.e. before and after comparison.

I saw other videos on the same, but no one explained it better than you. Thanks a ton.. !!

I was watching this in Incognito mode but this explaination is so awesome that I had to come here to like it and comment on it. Awesome stuff. Thanks for all this effort.

Came for the vulnerabilty , Left with a beautiful message . Thank you .

Your make a brilliant point. Often see huge companies tap into open source and brag about it, but forgetting to support the people actually doing it financially.

The last part of the video regarding supporting open source software is really thoughtful. Thank you.

Kaushik your words are ultimate..you got to be the professor for all java developers as like in money heist serial.!

More than the knowledge on this topic, I am overwhelmed by your thought towards people contributing for open source tools/apps. Your thoughts towards open source community is SO PURE. KUDOS!!! It's not always MONEY that matters, by the way. People like you having such noble intent towards society and community. KEEP THIS SPIRIT ON!!! Thanks

The way you ended the video with that thought provoking message is awesome

Thank you for explaining this. Especially the thought about many companies making money out of using open-source libraries but not giving back to the open-source volunteers.

This is by far the best Log4J vulnerability explanation on the internet

Just like open source we have "stack overflow" people don't realize the efforts and time people devote to help this community to keep going, be its open source or helping some developer out, we must respect and do what ever we can in order to get things going.

6:15 So much backward compatibility that even my great grandmother code can work on latest version of jvm 🧐🧐🤣 this line got me 👑👑😆

Explained well. I like the "Support model" you were talking about.

I am watching this almost more than a year after this was released (yup, I'm not a techie/tech geek), and I have watched quite a few videos trying to understand this issue (esp. for non-techies), and this is one of the best videos explaining this issue!! And this is coming from a non-technie! Kudos!

I love your way to talking and explaining things, keep this knowledge coming. many thanks

I’m a total layman on this and am just informing myself so that I understand what is happening with my work’s response to the vulnerability. Your content is so clear yet detailed. Absolutely fantastic.

Dude, that is hands-down the most informative, entertaining, and accurate description of the log4j vulnerability that I've enjoyed. Thanks!

Your channel has been a single source of truth for all things Java for me for a very long time now. Thank you for the explanation.

So far one of the best explanations I've heard about this issue. Great job. "When was it really exploited?" Yes, great question...

Excellent presentation of the issue for technical and non-technical audiences. I am very impressed with your ability to explain topics.

A big thank you. Kaushik for explaining issues bothering our teams.

And it took these many years to know the existence of this vulnerability!!! Hats off!!

AS usual, the best teacher out there, thanks Koushik!

Got the clear picture about the vulnerability after watching your video. Thank you.

You are really a reliable source of education/reference in Java world by addressing current/trending issues with a great explanation video. Much appreciated & thanks for your great works. 🙏🏻

I am not an IT professional but I know people who are and frantically working to resolve there log4j issues. Atleast I know why now. This vid might be for java pros, but the explanation was clear even for a layman like me. Cheers!

Tech part is very well explained - no doubts in it. There is the touchy note for the moral responsibility. Very well expressed as well. The businesses that aspire and build themselves on these open source tools are often making huge profits but fail to recognize these underpinning elements that made things possible. So yes, a kudos to you for bringing this up.

The most epic explanation !! thank you, as a fellow Java dev, this is one of my fav Java channels

Thanks for the great explanation of Log4J. I never really fully understood what it was till I watched this video. Thanks for taking the time to post it.

All things were explained well and with satisfaction. Well Koushik, I love your last statement and idea. Organizations should pay to open source communities.

Always comeback to learn from your tutorials from my early college days (around 2013-14). Kaushik you are really a great teacher who can convey the knowledge in simplified manner. Your view on Private companies donating money to these opensource project is spot on, but there is chances of these companies controlling the whole project and projecting their own agenda into it, so yes it would be great if we can support such projects financially but it's tricky one. Also I'm thankful for people like you who provide such a quality stuff, I have nothing but deep gratitude and I'm planning to become member of your channel to support what you're doing, keep doing this we need more people like you :)

One of the greatest explanations of this vulnerability

Excellent talk. Always, always sanitize any input your application gets, from any source. Use one class that receives that input and filters it. I have seen clever programmers doing it that way. Every programmer should do this. My ISP’s router has such a vulnerability, my Xiaomi router has such a vulnerability. It is way too common.

I was excited throughout the video just like him. The big companies took log4j and its security for granted. Not just 2020, even 2021 will be remembered in history.

Good technical explanation. Relevant facts around it and at last thought provoking discussion. This was really worth the time. please make a video on how to contribute to open source. please use any open source project as example . Thanks a lot again

Threw a like for your great grandmother being a long time Java coder.

I am impressed by the level of detail you put here. Thank you for sharing this. The amount of detail is awesome.

Now I know better, thanks for your clear explanation.

This is the only channel I would press the JOIN button for.

Explanation and support nd moral obligation logic is point to note by industry..

The best explanation about Log4J Vulnerability, Thank you for explaining fully

your last message really touch me, it really rise a question on how we support open source. also stay strong for all java programmers out there, it's been a hard time especially near year end holidays

Great stuff..👏 This is the best video I have seen this year in KZbin..

This is the first time I see a video for you.... you are amazing... keep it this way.... You are really amazing... Bravo!

Thank you for the great explanation, As a cyber security analyst this helped me alot to understand the problem in a clear way, and the way jndi works. ⭐️⭐️⭐️⭐️⭐️

Your explanation was compelling and precise. Short and very informative. Thanks for that. Well down, good job !!!

Most useful explanation I've seen. Thanks!

Exquisitely explained - thank you!! You just got another subscriber!

Loved the last thoughtful arguments and questions in the end!! Great work!

Thanks for the crystal clear description of the problem. Not being a Java person myself, I had trouble understanding it first. It was not in my mind that a widely used Java lib could just like that interpret '${lookup}' stuff simply from user input. Even if there was no code injection possible, this is also a giant door open to DoS attacks as someone could just use a slow ldap and inject lookups just from the input. Forget ldap, jndi or whatever. Interpreting _anything_ , in _any_ way that can come from user is insecure in nature and should be done with extreme caution.

Thanks so much. I'm a c#/dotnet developer and I've seen my Java dev friends freaking out and now i get why.

Thank you so much for your explanation, I have red lots of articles to understand this Vulnerability but it was not absorbed till i saw this video

Loved the explanation. Better is the final thoughts on supporting open source work.

This was the best explanation of the weakness that I've found. Thank you. The bad news is that even if a large investment is made in open source today, it will take time to find and fix similar issues. The bad guys will be looking to not only exploit this issue, but be searching for similar ones and this creates a race condition in which they likely have a head start.

Thanks for this video Koushik. You are an amazing tutor

Excellent explanation with real time example.

Thank you. Your explanation was compelling and precise

Super easy and complete explanation of Log4j. I also support your view on open source, with adversaries on the lookout, from security perspective, it is definitely recommended to avoid open source where you can. You are exposed when the code is exposed.

I don’t write Java, so my opinion is as a non-user, but this explanation was phenomenal. Thank you for dropping knowledge on me

Seen several video. But i felt complete on this issue once I saw this video from JavaBrain.

That explains the problem very well rather than any other places I have seen. Thank you very much. And a very good point to be taken into thought at the end of your video. Big companies are making money out of open source projects and basically those open source projects contributed to the income they have made. Open source projects never mandates to pay them back if someone using their projects and making money out of it but those companies should have a self responsibility to contribute/fund back in the open source projects. Because there are number of people who are working to improve without getting paid a penny. Hats off for them. So the companies who never did their part, cannot blame at open source projects.

Kaushik bro , u make things so easy and interesting, video madiddakke dhanyavadagalu

This is the best video on this vulnerability so thankyou you very much

Great video.. 👍👍👍 Thank you for detail explanation.. I agree with your point.. companies who are using log4j have moral obligation to support it.

Thanks for clearly explaining the problem and the solutions available to a non-dev. I agree that open-source users should contribute back.

Excellent explanation done by you. Thanks for such an informative video.

This guy has become my favorite in the java world

As head developer of a document handling web application, I was the main target of frantic calls both internal and external. I didn't mind! It was one of those times when you could give a short definite answer that satisfied everyone. I wish all my support tickets were that way.

Best content by best mentor. Thanks a lot

As a second year CS major, thank you, great video.

Thank you kaushik for that 9:30 explaination. Finally understood what that expression was being used.

I am 100% agree with your last statement. Big companies should contribute to open source community, these biggies are already investing in PR. There should be competitive environment in these giants that how much they are contributing to the open source community.

Thanks so Much, one of the best explanations of the vulnerability.

Great video. Very informative especially the question on OSS...

Brilliant Sir, I agree with you , enterprises should have responsibilitiy to fund , securing these open source software. After all they have made billions in using these libraries to develop & sell software all these years.

Wow, well explained all the parts in the video. Thanks.

Superb explanation. I have been following you for some time now. Man you a r damn good

Kaushik hai to mumkin hai. Thanks Master.

Our engineers promptly upgraded the version of log4j as soon as it came to light, I just came here to understand what exactly happened. But my biggest takeaway is what you said at the end. The moral responsibility. I am responsible for the modernization journey of one of the business unit for our company, and I always advocated to use only open source projects. Which was successfull. But, to my shame, yes, I never thought about this. We are a multi billion dollar org, and I'll make sure to have a conversation with the right people in our org chart to see if we can do our bits to support atleast the open source projects that we use. Thank you for your insight. ❤

The only video on youtube with such comprehensiveness about this vulnerability. This is what makes Java Brains stand apart from other tech channels. Thanks Koushik !

easily the best video i've seen on this topic!

Good technical explanation. I myself as a budding developer have not gotten into logging (actually this whole vulnerability stuff has just made me more curious about it so down that rabbit hole I go lol) as of yet but once you brought things into context of SQL IAs I understood much better the implications. Thanks for the video.

This is an impeccable video! Kudos, Koushik!

I was really waiting for your video about this vulnerability issue. Thanks lot 😊

Finally someone whose explanation helped me !!

Loved the last part of moral responsibility. Subscribeedddddddddddddddddd!!!

Wonderful video Kaushik! Unparalleled quality content!

Thank you for explaining this so well. Grateful to you 😀

Wow Kaushik, I really liked the ending statement. You saw what I couldn't see, the big picture.

Crisp and clear explanation ending with some thought provoking questions. 👏

As always this is the best explanation and good thoughts on open source

Nicely explained with simple words. keep up the good work sir

You explained it in a concise and subtle manner. Thanks!

You are 100% right, open sources should be funded by big corporations who depends on them for continuous development and vulnerability assessments

SQLInjection is the 1st thing that came into my mind when I learnt about it

Talk about simplifying.. excellent explanation Kaushik! Thank you 🙏🏼

This is where DevSecOps comes in. Secured by design and by default. good informative video.