Log4j (security vulnerability)

Apache Log4j is an open source Java-based logging utility. In late 2021, researchers discovered a critical vulnerability in Log4j.

The ‘Log4Shell’ bug has been described by one security expert as “another ‘flashbulb memory’ event in the timeline of significant vulnerabilities”.

The CVSS 10-rated vulnerability has a colossal attack surface extending downstream to countless applications, plugins, and packages.

Log4j’s ubiquity means the reverberations of the flaw will likely be felt for a long time to come.