The Apache Software Foundation released security update for Log4j fixing a newly discovered remote code execution (RCE) vulnerability, tracked as CVE-2021-44832. The new vulnerability affects all versions of Log4j from 2.0-alpha7 to 2.17.0.

This issue has been fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6).

More information on vulnerability and updates is available in the Apache’s release note – apache.org.