Play Framework uses Logback as its standard logging library instead of log4j2.
Logback has also been released to address the vulnerability, although log4j2 has been spared from addressing the more urgent vulnerability. http://logback.qos.ch/news.html
Are you planning to release a version that supports these in the near future?
Or is there a policy for an emergency release with the latest version applied?
Many projects support this by overriding their own version of the Logback library. It is good for all Play Framework users that Play Framework releases with the latest version of Logback applied.