log4shell
Safeguard articles tagged "log4shell" — guides, analysis, and best practices for software supply chain and application security.
35 articles
From Log4Shell to Now: What Changed and What Didn't in Su...
Three years after Log4Shell, Log4j is still found in production systems. Here is what the industry fixed, what it didn't, and why the risk persists.
The Unpaid Labor Behind Critical Internet Infrastructure
Open source runs on unpaid maintainer labor. From xz-utils to Log4Shell to colors.js, we examine why burnout became a top supply chain security risk.
Log4Shell Three Years Later: Which Fixes Actually Stuck?
Three years after Log4Shell's disclosure, which fixes actually held? A look back at CVE-2021-44228's timeline, CVSS/EPSS/KEV context, and lingering exposure.
Log4j Two Years Later: Are We Actually Safer?
Two years after Log4Shell shook the internet, many organizations still have vulnerable Log4j instances. The vulnerability changed how we think about supply chain security—but did it change how we act?
Log4j One Year Later: What We Learned and What We Didn't Fix
A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.
The Log4Shell Response Playbook Six Months In
Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.
Spring4Shell vs Log4Shell: Comparing Two Java Framework Crises
Both scored 9.8 on CVSS. Both affected millions of Java applications. But Log4Shell and Spring4Shell had fundamentally different blast radii. Here's a direct comparison.
Detecting Log4Shell in Your Software Supply Chain
Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.
Log4Shell Impact Assessment and Remediation Guide
You know Log4Shell is bad. Now here's how to find every instance in your environment and fix it — including the edge cases everyone misses.
Log4Shell Vulnerability (CVE-2021-44228) Explained
The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.
Zero-Day Vulnerabilities in Open Source: 2021 in Review
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.