Lessons Learned: The Log4J Vulnerability 12 Months On

Despite being identified and patched in 2021, the Log4Shell vulnerability in the Apache Log4j library remains a significant cybersecurity risk. Data suggests that 30-40% of all Log4j downloads are of the vulnerable version. Threat actors, including Iranian and Chinese groups, continue to exploit the bug, and experts warn that good cybersecurity hygiene and full oversight of business software are imperative. Organizations are advised to use up-to-date versions of Apache’s Log4j and to maintain a software bill of materials to manage risk.