Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)

Was the patch issued for 2.15 the allowed host/class check, or was the feature disabled by default entirely (which is what I thought I read was done?).