Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).

After Log4j, White House fears the next big open source vulnerability The White House is holding a meeting today with tech leaders to discuss Log4j and other potential vulnerabilites.

New research released by security provider Cycognito finds that 70% of organizations are struggling to address Log4j.

As cybersecurity teams grapple with having to potentially patch their systems for a third time against Apache Log4j vulnerabilities, additional malware strains exploiting the flaws and an attack ...

As of Friday, version 2.15.0 had been released: log4j-core.jar is available on Maven Central here, with release notes are available here and Apache’s Log4j security announcements available here.