Hacker News
by ActorNightly 88 days ago
> Java and have libraries that cover almost anything provided in those languages,

This is pretty funny.

For example, the other day I wrote a menu for macOS using rumps. Simply pip install rumps, write code, run, boom, macOS menu. Let me know when I can do the equivalent for Java, or any other "performant" language.

> As if no Python, JS, C/C++ libraries ever had vulnerabilities?

Comparing the severity of log4shell to any Python vulnerability is beyond crazy.

You have the Apache foundation, pushing its logging library as the industry standard, and multiple people saw no problem with not only the idea of a log statement being able to execute arbitrary code from the internet, but also making it the default behavior.

If at that point, everyone would instantly abandon any software from Apache in Java, I would have more respect for Java devs. But of course, they can't, because the ecosystem is so small that there are no replacements, so everyone is forced to cuck out to Apache, and who knows what and when other idiotic decision they are going to make.

And as a reminder, this used to be a thing https://www.reddit.com/r/java/comments/19s23g/online_counter...

There are plenty of other issues to cover on Java, but the log4shell pretty much is indefensible. Even if I'm wrong about everything else, my argument still stands on that alone.

1 comments

Ok, don't use Java, it's fine :)
It's not about personal use, it's about people getting facts wrong about Java.
Facts wrong about Java, that's quite a nothing sentence across this thread, innit?