This is a critical security vulnerability in the `log4j-core` library of Java logging frameworks, which allows attackers to execute remote code in vulnerable environments. To mitigate this risk, it's essential to identify where Log4j is being used, upgrade to version 2.17.1 or higher, remove the Log4j lookup capability, disable lookups via properties, and monitor projects for auto-PR support. Upgrading your JDK is not enough, and additional steps such as adding WAF rules and restricting egress back to the internet can also help mitigate the risk. The vulnerability was discovered on December 10th, 2021, and it's considered a zero-day threat that requires urgent action to fix.