Hey folks, I imagine a lot of people are dealing with log4Shell right now. I wanted to drop a link to this JIRA comment <https://issues.apache.org/jira/browse/LOG4J2-3201?focusedCommentId=17456954&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17456954> that has a pretty clever way to handle it. You can unzip the jar, delete the class, and it keeps working. It relies on this block <https://github.com/apache/logging-log4j2/blob/rel/2.0/log4j-core/src/main/java/org/apache/logging/log4j/core/lookup/Interpolator.java#L75-L83>, which is a pretty lucky break.
The whole thing can be run as zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class We've had good luck patching Storm 1.2.2. Good luck to everyone patching their systems today! Keith.
