- Update log4j to 2.16.0 No confirmed attack vector, and definitely no attack vector for normal setups, but, just in case.