Second Log4j vulnerability discovered, patch already released

Apparently the patch for the first vulnerability was "incomplete."