Apache releases Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability. The latest patch comes after the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive on Friday. The directive requires federal civilian departments and agencies to immediately patch their systems or implement appropriate mitigation measures, the agency says. The vulnerability is tracked as CVE-2021-45105 with a CVSS score of 7.5 – that affects all versions from 2.0-beta9 to 2.16.”]
Source: https://www.cuinfosecurity.com/time-to-patch-log4j-again-apache-releases-217-fixing-dos-a-18153