The correction for the log4j was originally delivered in log4j 2.15 However, since that time, another correction was delivered ... in log4j 2.16. And yes, yet another update was made to log4j: Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability If you have already downloaded 2.15 or 2.16 and applied it - no ...