Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

In December 2021, software group Apache hurriedly released patches for significant security vulnerability Log4Shell. Though researchers found problems with initial patches, Apache’s response deemed solid overall. However, software developers are still maintaining vulnerable versions of the Log4j utility, with around a quarter of downloads from the Apache repository still using these versions.