
log4j is hard to find and harder to fix
If you pay attention to tech news, you know what’s going on with log4j right now. It’s being called Log4Shell which is a great name. I’ll spare you repeating the details of the issue, there are many many stories about it at this point. What I’ve not seen is a good explanation about why knowing if you are using log4j is hard, and fixing it will be even harder than finding it. ...