35% of Log4j downloads are grabbing the vulnerable version (writing.gonze.com) 19 points by lucasgonze 4y ago ↗ HN
[–] jimmySixDOF 4y ago ↗ Begging the question of why the vulnerable version is still available to be grabbed in the first place? [–] Shadonototra 4y ago ↗ this, companies who are hosting known vulnerable libraries should be charged criminally imo [–] lucasgonze 4y ago ↗ That's one of the open questions. YES. Absolutely. [–] nikonyrh 4y ago ↗ Deleting them would break builds ;)
[–] Shadonototra 4y ago ↗ this, companies who are hosting known vulnerable libraries should be charged criminally imo
4 comments
[ 1.7 ms ] story [ 21.7 ms ] thread