If the Log4j configuration file is inside of a JAR file, then the JAR file (which is backed by the JarURLConnection retrieved from URL.openConnection) isn't closed.
This causes problems on Tomcat running on Windows during undeploying of an application, because the opened JAR file can't be deleted.
The problem was introduced during implementation of
LOG4J2-2901 (version 2.14.0), where the URL.openStream was replaced by URL.openConnection in the class org.apache.logging.log4j.core.config.ConfigurationSource.
The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is to use the URL.openConnection only when needed (~ configuration URL has HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) would be used.