Pick a random person, and ask them these two questions:
Q1. Have you heard of Apache?
Q2. If so, can you name an Apache product?
We're willing to wager that you will get one of two replies:
A1. No. A2. (Not applicable.)
A1. Yes. A2. Log4j.
Two weeks ago, however, we'd suggest that very few people had heard of Log4j, and even amongst those cognoscenti, few would have been particularly interested in it.
Until a cluster of potentially catastrophic bugs – originally implemented as features, on the grounds that less is never more – were revealed under the bug-brand Log4Shell, the Log4j programming library was merely one of those many components that got sucked into and used by thousands, perhaps even hundreds of thousands, of Java applications and utilities.
Log4j was just "part of the supply chain" that came bundled into more back-end servers and cloud-based services than anyone actually realised until now.
Many sysadmins, IT staff and cybersecurity teams have spent the past two weeks eradicating this programmatic plague from their demesnes. (Yes, that's a real word. It's pronounced "domains", but the archaic spelling avoids implying a Windows network.)
Don't forget "the other Apache"