Please update the title to indicate this is a low-severity CVE and prevent managers around the world from panicking and summoning their developers and engineers back to work during this shutdown period.
To be honest, I panicked reading this title when I opened HN this evening, but reading the CVE entry tells me this isn't anywhere close to as serious as CVE-44228.
You have a responsibility to not just share information on HN, but to share it in an accurate and well-thought-out manner.
The weekend spanning the 11th and 12th December was the first full weekend my entire team and I had to work in years.
This should not happen again without good reason. Announcing that there is a "New Log4j2 vulnerability" is a sure way of getting many good-willed managers, who may lack the deeper understanding we developers have of the vulnerability because we are able to spend more time on it, panicked and executing our critical incident response framework when it's not needed.
I know that we were not the only ones working that weekend; many of my counterparts were also tirelessly working this entire weekend too, along with much of HN I assume. Let's not do this again unless it's truly necessary.