Last weekend, the internet caught fire, and it is still unclear just how many developers with fire extinguishers will be needed to bring it under control. There was a set of first responders on the scene, however: largely unpaid maintainers or developers working in their spare time to patch vulnerabilities, issue guidance, and provide some much-needed clarity among the chaos.
On December 9, the Apache Foundation released an emergency update for a critical zero-day vulnerability called Log4Shell which had been identified in Log4j, an open source logging framework used in all kinds of Java applications.