Log4j remains vulnerable when using attacker-controlled thread context lookupsgithub.com/apache2 pointsterom5 years ago