
Misleading reasoning in README #22

@jbrillig

README says:

> Software made or managed by the Apache Software Foundation (From here on just "Apache") is pervasive and comprises nearly a third of all web servers in the world—making this a potentially catastrophic flaw.

I do not see the point of this sentence. Using httpd from Apache has nothing to do with log4j, and neither does commons-io. It's easy for a reader to conclude that all Apache software is bad. Did you intend this implication?

Furthermore, just because 33% of the servers are using software from the Apache Software Foundation doesn't make all of these servers vulnerable to log4shell.
