mojira.dev

brian worrell

Assigned

No issues.

Reported

No issues.

Comments

Tryashtar. Why submit a POC, when news stories already showed the POC in action for Minecraft and how it was exploited? Or the fact that the open source software creator / maintainer is saying that the critical issues are not addressed unless you are at a version of at least 2.17 (the issue resolved in 2.17.1 is important, but is not a CVSS of 9 or higher like the others).

You risk the safety of your users by not patching this vulnerability.

Per Apache, you have to have log4j version 2.17. Anything lower is vulnerable. Previous mitigations are being seen to be ineffective at this time.

Log4j – Apache Log4j Security Vulnerabilities