Is the Log4J Vulnerability gone? What have been the most important lessons for businesses so far?

You may have heard by now that a security vulnerability in a software logging package called Apache Log4j was discovered late last year. Many of the available Java artifacts from Maven Central have been repaired. This means, that an artifact affected by log4j is considered fixed if it has been updated to log4j 2.17.0 or has been removed from its dependency altogether. However, while about 5000 of the affected artifacts have indeed been fixed, there are still more than 30,000 that are still affected. In short, when all layers and dependencies are taken into account, it may be years before the vulnerability is completely