The Log4j Flaw Will Take Years to be Fully Addressed
from DarkReading 28 December indexed on 29 December 2021 8:01Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
Read more.
