Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Apache scrambled to release patches for Log4Shell in December 2021, although some vulnerabilities remained. Despite that initial response, around a quarter of Log4j downloads from the Apache repository Maven Central are still of vulnerable versions a year later. Fixes are available, so the continued downloads reflect a lack of awareness or understanding among developers about the contents of their software.