Dec 10, 2021 · From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed.

Log4j 1.x has reached End of Life in 2015 and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed. Users should …

Dec 10, 2021 · From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note …

Log4Shell is a critical zero-day vulnerability (CVE-2021-44228) in Log4j that was uncovered in December 2021. It allows attackers to execute arbitrary code remotely on affected systems.

Explore the latest vulnerabilities and security issues of Log4j in the CVE database

Mar 19, 2025 · Log4Shell is a critical Remote Code Execution (RCE) vulnerability in the Apache Log4j logging framework. It went unnoticed for nearly eight years, since 2013, before its public …

Apr 8, 2022 · CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) …

Most notably, the "log4j-api" package was marked as vulnerable, while in reality further research showed that only the main "log4j-core" package was vulnerable.

Log4Shell, Common Vulnerability and Exposure (CVE) identifier, CVE-2021-44228, is a remote code execution (RCE) vulnerability present in some versions of Log4J. The flaw affects …

Nov 25, 2025 · The Log4Shell vulnerability is a remote code execution (RCE) vulnerability found in the Apache Log4j 2 logging library. As Apache Log4j 2 is commonly used by many software …