I am posting this and pinning it since the other post on lib4j2 has gotten too long and confusing for people.
THE LATEST UPDATE 12.20.21
Update your Wowza Streaming Engine instance to fix the security vulnerability with Apache Log4j2 versions earlier than 2.16.0 (CVE-2021-44228 & CVE-2021-45046).
The updater uses the latest Apache Log4j v2.17 files.
This was completed Monday December 20th based on new information from Apache.
Wowza has verified after running the updater that there are no current issues when scanning the server and that it meets the required mitigation action according to Apache.
The doc and instructions can be found here.
ALSO! Yes, there will be a new Streaming Engine version coming out that addresses all of this once we know that Apache will not release another new version of the log4j2 library (for a while anyways).
At this time, Apache is doing what it needs to and is releasing new versions, so please use the Streaming Engine updater for now. I’ll keep you up to date. Thanks!