Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability
Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and that it is vulnerable to CVE-2021-45105, a high-severity DoS vulnerability with a CVSS score of 7.5.
