Debian LTS: DLA-2870-1: apache-log4j2 security update


Apache Log4j2, a Java Logging Framework, is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote