We’re doing updates/patches for this (LogJ4) vulnerability at work as soon as they are available. It’s is draining resources. It is causing my team to miss goals.
they were already available - 1.12 series - but depending on how you use log4j you may (most likely) not need it - it requires a combination of unusual use cases; at my company we triaged and then wrote up we didn’t need to do anything but would still upgrade.