1. Log4j Core Silent Attribute Renames Expose Syslog Deployments to CRLF Injection via Undocumented Configuration Changes
A critical vulnerability in Apache Log4j Core versions 2.21.0 through 2.25.3 has been identified in the Rfc5424Layout component, creating a CRLF injection pathway for organizations using stream-based syslog services. The flaw stems from undocumented renames of two security-critical configuration attributes that silentl...