2.16.0 Logj is the latest!
Following further analysis by the security community, earlier information regarding the latest available Apache Log4j version has now been superseded.
Vulnerabilities tracked as CVE-2021-45046 (NVD – CVE-2021-45046 (nist.gov) have been identified in the patch, released as Log4J 2.15.0 and there are early indications that attackers are actively exploiting these against those who have already applied the update; incorrect configurations made it possible for attackers to perform denial-of-service attacks.
Apache version 2.16.0 is now the latest and is believed to address the vulnerability by removing support for message lookup patterns and disabling JNDI functionality by default.
As a customer, if you require support in either locating Log4j files or addressing this vulnerability holistically, please log a ticket with the
Origina Support Desk.
If you’re not a customer yet, please contact us. We are here to help.