December 15th 2021
Last Thursday Cloudflare published a blog post regarding a a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) which was made public on December 9, that results in remote code execution (RCE). They said that this vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page. And then yesterday a second vulnerability was found after days spent trying to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations." Apache has released a patch, Log4j 2.16.0, which fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. Are you affected?
Gabe's 11th server parts pricing report for 2021 is available. Since last year he's been tracking changing parts prices for RAM, SSDs, Hard Drives, CPUs, and a couple of GPUs. Typically this is done monthly, and then shared with WHT in a monthly report. Currently, all listed prices are from eBay, for used hardware, but he may start tracking more new hardware as well if there is a demand for it. Prices as of 1st December, 2021. Don't forget to check the "noteworthy changes" comments at the end of the report, which notes the removal and addition of certain components from the report, and any striking changes that have been picked up on.
Fully Managed VPS Hosting from $15/mo
Liquid Web is now offering its lowest pricing ever on Fully Managed VPS, starting at $15/mo and fully backed by our 30-Day Money Back Guarantee.
With pre-pay pricing on our Fully Managed VPS, you get the performance, power and flexibility of the world's fastest VPS for less than you may be paying for an older, unmanaged instance.
- Faster than AWS, Rackspace, and DigitalOcean
It's been another busy week around the industry so, without further ado, here's a few threads to get you started on your mid-week catch-up...
Got some news of your own to share? If it's news from your own company it belongs in Web Hosting Industry Announcements (no ads please!). If you've scooped some news about something else going on in the hosting industry we'd love for you to share it in our Industry News section!
WebHostingTalk is an online community of members who regularly turn to WHT for information and peer engagement on hosting business and technology topics. WebHostingTalk supports a knowledgeable memberbase and attracts a web-savvy audience with user generated content and purpose. If you're looking to tap-in to advertising opportunities on WHT, reach out to sales@PROTECTED to start a discussion. Please remember to book your January 2022 campaigns early - Christmas is fast approaching!
WebHostingTalk, Inc. 2 Toronto St., Ste. #239, Toronto, ON, M5C 2B5 Canada
Phone:+1 416 277 0095
This mailing list is announce-only.
Delivered weekly, the Web Hosting Talk Insider newsletter covers the latest news in the cloud and hosting industry, the hottest Web Hosting Talk threads, and in-depth insight and commentary on the trends impacting your business.