The correction for the log4j was originally delivered in log4j 2.15

However, since that time, another correction was delivered ... in log4j 2.16.

And yes, yet another update was made to log4j:

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

If you have already downloaded 2.15 or 2.16 and applied it - no harm,

but you'll still need 2.17 Jar to attend to the 2nd vulnerability.

 

If you have NOT already downloaded 2.15 or 2.16, please download 2.17 as it is inclusive of 2.15 & 2.16.

The jars can be found in THIS folder (zip file w/ instructions on how to apply it).

 



Sunday, December 12, 2021

« Back