In December 2021, we disclosed a sequence of weblog posts about the Log4j vulnerability, highlighting the risk that it posed, our observations of attempted exploitation, and also the steps we took to guard prospective customers. Two years on, within our 2023 twelve Months in Critique, we noted that even though an older vulnerability, Log4j remained