A second log4j vulnerability, published as CVE-2021-45046, was discovered on December 14th, 2021. An emergency update issued by Apache for CVE-2021-44228 was determined to be incomplete in certain non-default configurations, making it possible to execute denial-of-service (DOS) attacks and download data from affected servers.