Apache Log4j participates in the bug bounty program

We were proud to be supported by the STF last year. This support helped us to fix many bugs, rewrite documentation, and improve the overall quality of the codebase and security.

Building on this support, we are excited to announce our participation in the YesWeHack bug bounty program. This initiative allows you to hunt bugs in Log4j and get paid for your contributions.

Our participation in this program wouldn’t have been possible without the generous support of our friends at the STF, who provided the necessary funds to reward your efforts. The STF not only supports us but also assists many other projects. You can learn more about their mission by reading their official announcement on their website.

We want to thank the STF and YesWeHack for their support.

We encourage all security researchers and developers to join us in this effort. Your contributions can help make Log4j more secure and reliable and reward your efforts.