A second Log4J vulnerability, CVE-2021-45046, has been identified following the initial CVE-2021-44228. This new vulnerability is actively being exploited and users should update to version 2.16.0 as soon as possible. Cloudflare WAF customers have three rules available for mitigating exploit attempts, with an additional fourth rule providing broader protection but at the cost of a higher false positive rate. Log4J is a Java-based logging library maintained by Apache Software Foundation and is affected in all versions >= 2.0-beta9 and <= 2.14.1 due to JNDI features that can be exploited for remote code execution.