All Log4j, logback bugs we know so far and why you MUST ditch 2.15

If anyone asks you why Log4j is getting more attention than the Birthday Girl…:

Below we summarize the multiple relevant CVEs identified thus far, along with some pretty good reasons to ditch Log4j version 2.15.0 in favor of 2.16.0.

Update Dec 18th, 05:33 AM ET: Version 2.17.0 is out now, replacing 2.16.0, which has been found to be vulnerable to CVE-2021-45105, a DoS flaw.
The article below has been updated to include this new CVE along with an additional report released by BleepingComputer today.

[…]
