4 years ago
Log4Shell
On December 9, an arbitrary code execution vulnerability in Apache Log4j 2 went public. The world spent the weekend patching. A week later we have CVE-2021-44228, the follow-up CVE-2021-45046, and CVE-2021-45105; three patches in five days; and a long list of structural lessons that the Java ecosystem will be working through for years.