Note that log4j 2.16.0 has now been released to fix vulnerabilities still present in the 2.15.0 released a few days ago, and many of the mitigations published in the last week are now considered inadequate: <https://logging.apache.org/log4j/2.x/security.html>