35% of Log4j downloads are grabbing the vulnerable version

Begging the question of why the vulnerable version is <i>still</i> available to be grabbed in the first place?