Log4j 2.17.1 out now, fixes new remote code execution bug
While the risk posed by the original Log4Shell exploit is critical, milder variants of the vulnerability emerged in Log4j versions, including 2.15 and 2.16—previously believed to be fully patched.
