AWS's Log4j patches blew holes in its own security