Updates: Since this blog post has been published, a new logback 1.2.9 version has been published. While this fixes a security issue, prerequisites for exploits are very different as they "requires write access to logback's configuration file". Log4J also released a new 2.17.0 version with fixes for CVE-2021-45046 and CVE-2021-45105. Spring Boot 2.5.8 and 2.6.2 haven been released and provide depen
![Log4J2 Vulnerability and Spring Boot](https://cdn-ak-scissors.b.st-hatena.com/image/square/eba44fb4c1905fb27cc470092478f4019c240511/height=288;version=1;width=512/https%3A%2F%2Fspring.io%2Fimg%2Fog-spring.png)