The Apache Software Foundation released 3rd patch for the Log4j utility to address new denial-of-service (DOS) vulnerability—CVE-2021-45105. The new vulnerability affects all versions of Log4j from 2.0-beta9 to 2.16.0

This issue has been fixed in Log4j 2.17.0.

More information on vulnerability and update is available in the Apache’s release note – apache.org.