So we had a bypass in our #log4j / #log4shell / CVE-2021-44228 rule:
Dominik Strecker from Swiss branch of @syracomag exploited a bug in the XML XPath selector.
He enters the Hall of Fame as first and only entry.
The bug is now fixed. The regex stands.
https://t.co/etzEOhlgOA