The Apache Software Foundation
Apache JSPWiki 2.11.0
Apache JSPWiki, 2.11.0 release is using a bundled version of the Apache Log4J library vulnerable to Remote Code Execution. For full impact and additional detail consult the Log4J security page.
Apache JSPWiki releases prior to 2.11.0 use Log4J 1.2.17 which may be vulnerable for installations using non-default logging configurations that include the JMS Appender, see https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for discussion.
Any of the following are enough to prevent this vulnerability for Apache JSPWiki installations: