Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz

It's not as though folks haven't been warned about this
There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository.…