Hi all, I have seen multiple ways to mitigate the effects of CVE-2021-44228 (Log4Shell) for different Log4J 2.x versions. One thing I have not seen is to set the log level to OFF. This would effectively disable logging, of course, but it might be a temporary mitigation that works for us.
Can anyone confirm that setting the log level to OFF closes the attack vector effectively? Thanks, Uwe
