Only the most recent release of Apache Log4j 2 is supported.
Reporting a Vulnerability
If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, please report them privately to the Log4j Security Team.