Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source Insights Team.
source https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed
No comments:
Post a Comment