The gift that keeps on taking

from here and here

Log4j is still out there after an entire year. It's hardly the first time a vulnerability has been left unpatched within the online world, but an easy to exploit vulnerability with the highest severity possible still being unpatched after a year? That's not a good precedent to set.