Apache developers release a second patch for the Log4j vulnerability
The Apache Software Foundation has pushed out a new fix for the Log4j utility after the previous patch for the recently disclosed Log4Shell exploit was deemed "incomplete in certain non-default configurations."
The second vulnerability — tracked as CVE-2021-45046 — is rated 3.7 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0.
This issue has been fixed in Log4j 2.12.2 and Log4j 2.16.0.
More information on the vulnerability and the update is available in Apache's release notes – apache.org.
15 December 2021