Portfolio and Log4j vulnerabilities