Log4j 2.17.0 is out and protects against infinite recursion DoS. CVSS 7.5 logging.apache.org/log4j/2.x…
Log4j 2.16.0 is out and completely disables JNDI by default. logging.apache.org/log4j/2.x…
15
172
23
383
It would help if they had release dates on there. Did .17 release yesterday? Or earlier this week?
2
Dates can be found here: logging.apache.org/log4j/2.x…
2.17.0 was the 17th, 2.17.1 was the 27th.
1