Dos

Log4j 2.17.0 was released due to security reason. It fixes DoS vulnerability in 2.16.0 and below on v2. As to the new vulnerability on DoS (denial-of-service), it’s safe with a default Pattern Layout where a Context Lookup such as $${ctx:loginId} are NOT used in logging configuration. ...

Read