The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.