The maintainers of the Java Log4j project had only three sponsors, despite the software being a crucial part of large companies' commercial products and enterprise applications.

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw.

A WARNING has been issued for those who use the Log4J logging library that a spreading botnet could open up “a whole new pool of potential victims.” The warning was issued by Cybersecur… ...

The bug, CVE-2021-44228, affects a Java logging package called log4j. It was revealed Thursday by Lunasec and on Friday by Huntress Labs, and is already being exploited, according to an alert from ...