Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 217.0, tracked as CVE-2021-44832. The vulnerability stems from the lack of additional controls on JDNI access in log4j. Security researcher Yaniv Nizry claimed credit for reporting the vulnerability to Apache: “Stay tuned for a blogpost 😉 pic.com/D56WpWpVsuF3” Security expert Kevin Beaumont labeled the instance another “failed Log4J disclosure in motion” during the holidays.”]

