He also mentions the improved plugin architecture, enhanced configuration (with hot-reloading, JSON and properties) and how Log4j 2.0 addresses many deadlock issues from Log4j 1.x.

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.

CrowdStrike said in a new report that they've seen a China-based group searching for intellectual property through Log4Shell.