The maintainers of the Java Log4j project had only three sponsors, despite the software being a crucial part of large companies' commercial products and enterprise applications.

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw.

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.