TechRadar reports that vulnerable versions of the Apache Log4j software have been observed across 38% of apps between Aug. 15 and Nov. 15, indicating the enduring security risk of the software.
Article Link: Vulnerable Log4j instances persist two years after patches | SC Media