What is Log4Shell and why is it still dangerous a year later?


A year ago, in December 2021, the Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library caused a sensation. Although by the spring it was no longer on the front pages of IT media outlets, in November 2022 it reemerged when it was reported that cybercriminals had exploited the vulnerability to attack a US federal agency and install a cryptocurrency miner in its systems. That’s a good reason to explain what Log4Shell actually is, why it’s too early to write it off, and how to protect your infrastructure.
