HeroDevs releases a drop-in replacement for Log4j 2.17.x patching two TLS hostname verification bypasses and three log pipeline vulnerabilities with no upstream fix available.