A new Debian Linux update has been published: DLA 2842-1: apache-log4j2 security update
An apache-log4j2 security update has been released for Debian GNU/Linux 9 LTS to address an issue where an attacker can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.Read more @ Linux Compatible
