Safeguard
Tag

log4shell

Safeguard articles tagged "log4shell" — guides, analysis, and best practices for software supply chain and application security.

35 articles

Open Source Security

From Log4Shell to Now: What Changed and What Didn't in Su...

Three years after Log4Shell, Log4j is still found in production systems. Here is what the industry fixed, what it didn't, and why the risk persists.

Aug 10, 20258 min read
Open Source Security

The Unpaid Labor Behind Critical Internet Infrastructure

Open source runs on unpaid maintainer labor. From xz-utils to Log4Shell to colors.js, we examine why burnout became a top supply chain security risk.

Jul 27, 20257 min read
Industry Analysis

Log4Shell Three Years Later: Which Fixes Actually Stuck?

Three years after Log4Shell's disclosure, which fixes actually held? A look back at CVE-2021-44228's timeline, CVSS/EPSS/KEV context, and lingering exposure.

Jul 13, 20257 min read
Open Source Security

Log4j Two Years Later: Are We Actually Safer?

Two years after Log4Shell shook the internet, many organizations still have vulnerable Log4j instances. The vulnerability changed how we think about supply chain security—but did it change how we act?

Dec 10, 20235 min read
Vulnerability Analysis

Log4j One Year Later: What We Learned and What We Didn't Fix

A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.

Dec 12, 20227 min read
Incident Analysis

The Log4Shell Response Playbook Six Months In

Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.

Jun 12, 20226 min read
Vulnerability Analysis

Spring4Shell vs Log4Shell: Comparing Two Java Framework Crises

Both scored 9.8 on CVSS. Both affected millions of Java applications. But Log4Shell and Spring4Shell had fundamentally different blast radii. Here's a direct comparison.

Apr 2, 20226 min read
Vulnerability Analysis

Detecting Log4Shell in Your Software Supply Chain

Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.

Dec 18, 20216 min read
Incident Response

Log4Shell Impact Assessment and Remediation Guide

You know Log4Shell is bad. Now here's how to find every instance in your environment and fix it — including the edge cases everyone misses.

Dec 15, 20215 min read
Vulnerability Analysis

Log4Shell Vulnerability (CVE-2021-44228) Explained

The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.

Dec 13, 20215 min read
Vulnerability Research

Zero-Day Vulnerabilities in Open Source: 2021 in Review

2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.

Nov 28, 20217 min read
log4shell (Page 3) — Safeguard Blog