Right now, any Message instance used to call any log method is simply sent as it is.
Instead, the Throwable must be transformed into a ThrowableProxy. Custom Message implementations must be transformed into one of log4j's standard message implementations, and care must be taken to convert the parameter Objects into Strings before the message is serialized.
Otherwise, deserialization will fail if a custom Throwable, custom Message or custom parameter is not contained in the classpath of the application receiving the serialized LogEvent.
I found those issues while implementing the circumvention for Apache Commons statement to widespread Java object de-serialisation vulnerability in Lilith.
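The following added example (JDK only; not code from log4j or Lilith) illustrates the flattening described above by listing the classes a receiver must resolve to read a serialized stream, for a raw custom Throwable versus a flattened event. `FlatEvent`, `FlatThrowable`, `BillingException` and `OrderId` are hypothetical names; `FlatThrowable` stands in for a proxy such as ThrowableProxy, and the two `Flat*` classes represent types assumed to be shared by sender and receiver.

```java
import java.io.*;
import java.util.*;
public class FlattenBeforeSend {
    // Hypothetical stand-in for a proxy like ThrowableProxy: holds only JDK types.
    static final class FlatThrowable implements Serializable {
        private static final long serialVersionUID = 1L;
        final String className, message;
        final StackTraceElement[] stack;
        final FlatThrowable cause;
        FlatThrowable(Throwable t) {
            className = t.getClass().getName();   // kept as text, not as a class reference
            message = t.getMessage();
            stack = t.getStackTrace();
            cause = t.getCause() == null ? null : new FlatThrowable(t.getCause());
        }
    }
    // Hypothetical flattened event: parameters are rendered to String on the sender.
    static final class FlatEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String format; final String[] params; final FlatThrowable thrown;
        FlatEvent(String format, Object[] params, Throwable thrown) {
            this.format = format;
            this.params = Arrays.stream(params).map(String::valueOf).toArray(String[]::new);
            this.thrown = thrown == null ? null : new FlatThrowable(thrown);
        }
    }
    // Constructed sender-only types that the receiving application does not have.
    static final class BillingException extends RuntimeException { BillingException(String m) { super(m); } }
    static final class OrderId { public String toString() { return "order#42"; } }
    // Serialize, then record every class descriptor the reader has to resolve.
    static Set<String> classesOnWire(Object o) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        Set<String> names = new TreeSet<>();
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray())) {
            @Override protected Class<?> resolveClass(ObjectStreamClass d)
                    throws IOException, ClassNotFoundException {
                names.add(d.getName());
                return super.resolveClass(d);
            }
        }) { in.readObject(); }
        return names;
    }
    public static void main(String[] args) throws Exception {
        Throwable t = new BillingException("card declined");
        System.out.println("raw:  " + classesOnWire(t));
        System.out.println("flat: " + classesOnWire(
            new FlatEvent("Failed to bill {}", new Object[]{new OrderId()}, t)));
    }
}
```

The "raw" set names `FlattenBeforeSend$BillingException`, which a receiver without that class cannot resolve; the "flat" set names neither `BillingException` nor `OrderId`, because both were reduced to Strings before serialization.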