More than 35,000 Java packages, amounting to over 8% of the Maven Central repository, have been impacted by the recently disclosed log4j vulnerabilities (1, 2), with widespread fallout across the software industry.