High priority - Log4J security announcement | jeckels | 2021-12-19 09:49
Status: Closed
Log4J has announced yet another variant on these same issues, CVE-2021-45105. Fortunately, it only affects applications that use a non-default configuration of Log4J with a Pattern Layout that uses a Context Lookup. LabKey Server does not use this configuration, so like the previous vulnerability, CVE-2021-45046, this newest announcement does not impact our users. Regardless, we will adopt the latest Log4J release, 2.17.0, for everyone's peace of mind, but it does not need to be rolled out as an emergency patch.

Thanks,
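A check for the non-default configuration named in the announcement, added here as an example and not LabKey's or Log4J's own code: it scans a Log4j2 XML configuration for Context Lookups (`${ctx:...}` or `$${ctx:...}`) inside PatternLayout patterns. The sample configurations are constructed, and the helper names and the XML-only configuration format are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Matches ${ctx:key} and the escaped $${ctx:key} form of a Context Lookup.
CTX_LOOKUP = re.compile(r"\$\$?\{ctx:[^}]*\}")

# Constructed sample: two PatternLayouts that use Context Lookups.
RISKY = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %p ${ctx:loginId} %m%n"/>
    </Console>
    <File name="f" fileName="app.log">
      <PatternLayout><Pattern>%d $${ctx:requestId} %m%n</Pattern></PatternLayout>
    </File>
  </Appenders>
</Configuration>"""

# Constructed sample: same data logged via the %X Thread Context Map pattern.
SAFE = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %p %X{loginId} %m%n"/>
    </Console>
  </Appenders>
</Configuration>"""

def local(tag):
    """Element name without XML namespace, lower-cased."""
    return tag.rsplit("}", 1)[-1].lower()

def find_context_lookups(xml_text):
    """Return (appender name, lookup) for each Context Lookup in a PatternLayout."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for layout in parent:
            if local(layout.tag) != "patternlayout":
                continue
            # The pattern may be an attribute or a nested <Pattern> element.
            patterns = [layout.get("pattern") or ""]
            patterns += [c.text or "" for c in layout if local(c.tag) == "pattern"]
            for pattern in patterns:
                for lookup in CTX_LOOKUP.findall(pattern):
                    findings.append((parent.get("name", "?"), lookup))
    return findings

if __name__ == "__main__":
    for name, lookup in find_context_lookups(RISKY):
        print(f"appender {name!r}: PatternLayout uses Context Lookup {lookup}")
```

An empty result covers only the XML file scanned; patterns set in properties, JSON or YAML configurations, or built in code, are outside what this check sees.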