[$] Lessons from Log4j

By now, most readers will likely have seen something about the Log4j vulnerability that has been making life miserable for system administratorssince its disclosure on December 9. This bug is relatively easy toexploit, results in remote code execution, and lurks on servers all acrossthe net; it is not hyperbolic to call it one of the worst vulnerabilitiesthat has been disclosed in some years. In a sense, the lessons from Log4jhave little new to teach us, but this bug does highlight some problems inthe free-software ecosystem in an unambiguous way.