Previously was at 2.17.0 but that was found to potentially allow remote code execution (RCE) using the JDBC Appender if the attacker is able to control the Log4j logging configuration file. The issue has been given a “Moderate” severity rating, lower than the vulnerability that started it all