Hopefully when we come back the Log4J vulnerability will be gone from our news feed. Based on recent reports it seems unlikely as the existing workarounds don't work. You must update the Log4J jar to the latest version to get protection.
In the meantime, here are some tips from Tom on mitigation:
Not Exactly a Vacation
So technically I don't celebrate Christmas. But because so many of our readers are on vacation I decided to align my vacation time too. I'll use that time away to do some open source hacking and work on an interesting side project.
If you'd like to keep up with this please follow @debugagent on twitter. I'll post updates there although I might not be up to my usual posting cadence during this time.
I'll try to keep my channels open (I can't stand getting back to full inboxes) but I might not be responsive. If you write to me please ping me again in January.
Merry Christmas, Happy Holidays and happy new year to all.