To fix the vulnerability, log4j version 2.17.0 (for Java 8) has been released today and allows only "lookup strings in configuration" to expand recursively.

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most ...

Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit If you've patched using Log4J 2.15.0, it's time to consider updating again. Stat.