The Log4J / Log4Shell issue is something that will stick with us a while. When bad guys find one flaw, they all pile on to see if they can find more, both in the original location, and replacement patches. Also, when the flaws are found in major locations accessible around the world, the badguy community ramps up and works together hoping to all reap in the rewards. As I said last week, this is a security nightmare that will continue for all of the tech folks for a while.

Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.