Documents and interviews reveal Apache developers' efforts to patch the Log4j flaw, after they were alerted about the flaw on Nov. 24 by an employee at Alibaba — At 2:51 p.m. on Nov. 24, members of an open-source software project received an alarming email.