2 years ago

Wikipedia states that https://en.wikipedia.org/wiki/Log4Shell in Log4j, the popular Apache logging program. Log4Shell, even though there have been patches for it since https://logging.apache.org/log4j/2.x/security.html was released in February is still alive, well, and causing trouble.

Patches Yet to Be Applied

Other programs, even new ones, are still open to Log4Shell attacks.

Sometimes these dependencies are transitive — a software developer adds an open source package that depends on a package that then depends on Log4j.