‘Twas the night before Christmas       When all through the house Not a creature was stirring,       not even a mouse… Spare a thought for your sysamins, for your IT team, and for your cybersecurity staff as Christmas 2021 approaches, because there may still be plenty of mice stirring all through the house right up to Christmas Eve… …because that’s the deadline set by the US Cybersecurity and Infrastructure Security Agency (CISA) for patching the already-infamous Log4Shell vulnerability, a dangerously exploitable flaw in Apache’s widely used Log4j (Logging for Java) programming toolkit. Since news first broke of the problem on 09 December 2021, Apache has a-patched the code not once but three times, variously fixing CVE-2021-44228 with version 2.15.0, quickly followed by 2.16.0 to fix a related bug dubbed CVE-2021-45046, foillowed quickly yet again by 2.17.0 to deal with CVE-2021-45105.

Read full article on Naked Security