He also mentions the improved plugin architecture, enhanced configuration (with hot-reloading, JSON and properties) and how Log4j 2.0 addresses many deadlock issues from Log4j 1.x.

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most ...

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.