It has been about a year since the security hole at the heart of the open source Java logging library Apache Log4j was revealed. The resulting zero-day vulnerability, CVE-2021-44228, aka Log4Shell, is still with us today.
Read full article on The New Stack