Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit

'Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the planet. Open source developers quickly released an update that patched the flaw and urged all users to install it immediately. Now, researchers are reporting that there are at least two vulnerabilities in the patch, released as Log4J 2.15.0, and that attackers are actively exploiting one or both of them against real-world targets who have already applied the update. The researchers are urging organizations to install a new patch, released as version 2.16.0, as soon as possible to fix the vulnerability, which is tracked as CVE-2021-45046.'

-- source: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical...

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174 (office)
+64 (7) 577-5304 (home office)
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Mon, 20 Dec 2021 13:58:51 +1300, Peter Reutemann quoted:
'The researchers are urging organizations to install a new patch, released as version 2.16.0, as soon as possible to fix the vulnerability...'
Or how about 2.17.0, to address yet another new vulnerability <https://www.theregister.com/2021/12/19/log4j_new_flaw_cve_2021_45105/> ...