---

Log4Shell: A New Fix, Details of Active Attacks, and Risk Mitigation Recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished.

As Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, recently noted, “Log4Shell will continue to haunt us for years to come.” His advice? “Dealing with Log4Shell will be a marathon. Treat it as such.”

So let’s see what’s the latest news that can impact your mitigation and remediation efforts.