Given the recent log4j vulnerability, should I update jdk versions or should I manually update log4j?

As the title says, I'd like to know the best path moving forward for updating Java. If it's possible, I'd like the process to be so simple as to just update to the latest jdk8uXXX.


They are two separate things. Log4j can be used with different JDK versions. Regarding the log4j security risk detected you should update your log4j library version, not the JDK. Updating the JDK will have no effect on the log4j security risk.

Remember that only log4j 2.x are affected, not 1.x. And that the first version with the fix is 2.15.0.