Another upstream vulnerability
Earlier this year, I wrote about hackers targeting upstream sources (see link).
In December, another big software vulnerability was disclosed. This time concerning a widely used Java library (see CVE-2021-44228). This disclosure is a reminder that all software providers need to understand what code they are using, and to keep it up to date.