Apache Log4j is a Java logging tool. Due to the official confirmation of the previous vulnerability (CVE-2021-44228), the patch (version 2.15.0) has not completely patched the vulnerability (this vulnerability warning is NCCST released on 2021/12/13 -ANA-2021-0000612 alert), resulting in a security vulnerability in the updated Log4j (the new vulnerability number is CVE-2021-45046), attackers can use the vulnerability to remotely execute arbitrary programs by sending specially crafted JNDI lookup messages code or leak information

[Affects platforms using this mod:]
Apache Log4j 2.0-beta9 to 215.0 (inclusive), but not 2.12.2

[Suggested action:]
Currently, Apache Log4j official website has released an update program for this vulnerability, please confirm and update the version (Java 7 users update to Log4j 2.12.2, Java 8 users update to Log4j 2.16.0):
https://logging.apache.org/log4j/2.x/security.html

Hexiang Information has not adopted and used Apache Log4j related services, relevant supporting documents

HERHSIANG Firewall and Email Security Device Proof