About the Log4j Vulnerability

This week many organizations went through the scare caused by a critical security vulnerability in the commonly used Apache Log4j Java-based logging utility. Shortly after the Apache announcement, attackers in the wild began exploiting the Log4j vulnerability, prompting government cybersecurity institutions worldwide, including the US Cybersecurity and Infrastructure Security Agency, to issue alerts urging organizations to patch their systems immediately. The majority of Java-based decisioning platforms quickly provided advice and updates to their customers. Make sure that your application is safe by relying on the latest Log4j release 2.16.0 (not 2.15.0!), which mitigates this vulnerability.
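To check which Log4j release an application actually ships, the following added example (not part of the original post) walks a directory and reports every bundled log4j-core copy older than 2.16.0, including copies inside nested archives such as WAR files. It assumes the archives still carry the pom.properties file that Maven writes into the log4j-core jar; the function names and the configurable minimum version are this example's own.

```python
import io
import os
import sys
import zipfile

# Path Maven writes inside the log4j-core jar; it survives renaming of the jar file.
POM_SUFFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MIN_SAFE = (2, 16, 0)  # the release the post recommends; raise it as newer fixes ship


def parse_version(text):
    """Turn '2.15.0' or '2.0-beta9' into a comparable tuple of three ints."""
    nums = [int(p) for p in text.split("-")[0].split(".") if p.isdigit()]
    return tuple((nums + [0, 0, 0])[:3])


def scan_archive(fileobj, label, findings):
    """Record (label, version) for each log4j-core copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            if name.endswith(POM_SUFFIX):
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        findings.append((label, line.split("=", 1)[1].strip()))
            elif name.lower().endswith(ARCHIVE_EXT):
                scan_archive(io.BytesIO(zf.read(name)), label + "!" + name, findings)


def find_outdated(root, min_safe=MIN_SAFE):
    """Walk root and return sorted (location, version) pairs older than min_safe."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    scan_archive(fh, path, findings)
    return sorted(f for f in findings if parse_version(f[1]) < min_safe)


if __name__ == "__main__":
    for location, version in find_outdated(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

Run it with the application's install or deployment directory as the argument. An empty result only means no outdated copy was identified through pom.properties, so builds that strip META-INF/maven still need a manual check.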


1 Response to About the Log4j Vulnerability

  1. jacobfeldman says:

    On Dec. 18 Apache released a new 2.17.0 patch for Log4j to solve another vulnerability that may cause denial of service: https://www.zdnet.com/article/apache-releases-new-2-17-0-patch-for-log4j-to-solve-denial-of-service-vulnerability/
