The critical vulnerability in Apache’s  Log4j Java-based logging utility (CVE-2021-44228) has been called the “most critical vulnerability of the last decade.”  Also known as Log4Shell, the flaw  has forced the developers of many software products to push out updates or mitigations to customers. And Log4j’s maintainers have published two new versions since the bug was discovered—the second completely eliminating … Continue reading Inside the code: How the Log4Shell exploit works