It’s not even a cron job. It’s a single apt install.

kafkaIncarnate · on Jan 29, 2022

log4j was different because each proprietary vendor has their own prepackaged version of it for some reason. Even SAN software or VMware.

Still, the mitigation was like 4 hours to hunt and disable, and 2 more hours when a full patch came around. Not too difficult.

It was only time consuming for those who worked in Cloud providers where all this crap is centralized and understaffed. In real world scenarios there were tons of teams completely unaffected.