[intro-b]

bc log4j isn't some random library people found on the street it's been used in industry forever lol

yea literally any library/dependency can introduce risk, including stuff coded internally for those purposes