A year ago, Google engineers laid the foundation of Operation Rosehub, a project during which Google employees used some of their official work time to patch thousands of open source projects against a severe and widespread Java vulnerability. The vulnerability was present in seven “gadget”” classes inside the Apache Commons Collections library
Source: and 4.0.1