Log4J is a logging library for Java. It is used to debug software during its development lifecycle and entails inserting log statements into code. It is developed and maintained by the open-source Apache Software Foundation and runs on all major platforms including Windows, Linux, and Apple’s macOS.
On 24 November 2021, a member of Alibaba’s cloud security team discovered a vulnerability in log4j 2. The vulnerability was given a CVE ID by November 26 and the first known exploit was detected by December 1. By December 13, Log4j version 2.16.0 was released.