Context:
Log4j version 2.15 was released to address a major security vulnerability (see here for more detail). An additional vulnerability was identified and resolved in log4j version 2.16.
The latest version to which customers can upgrade their HCP secondary gateway and private clouds is HCP 3.18.3, which contains log4j 2.16.
Issue:
Some customers are unable to upgrade HCP for various reasons but still want to be protected against the log4j vulnerability.
Resolution:
Customers should add the following line to the config file: /opt/hcp/conf/wrapper-hcp-server.conf
wrapper.java.additional.14=-Dlog4j2.formatMsgNoLookups=true
An HCP service restart is required after the change has been applied:
sudo systemctl restart hcp-server
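An added example (not vendor-provided code) of applying the line above idempotently. It assumes the file follows Java Service Wrapper conventions, where each wrapper.java.additional.N index must be unique, so it appends at the next free index instead of hard-coding 14; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and apply the log4j mitigation line in a wrapper conf.
# CONF defaults to the path from the article; PROP is the flag from the article.
CONF="${CONF:-/opt/hcp/conf/wrapper-hcp-server.conf}"
PROP='-Dlog4j2.formatMsgNoLookups=true'

# Print the index N of the active (uncommented) wrapper.java.additional.N
# line that carries the flag; print nothing if no such line exists.
flag_index() {
    sed -n 's/^[[:space:]]*wrapper\.java\.additional\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*-Dlog4j2\.formatMsgNoLookups=true[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print the highest index used by any active wrapper.java.additional.N line
# (0 if there are none). Commented-out lines are ignored.
max_index() {
    sed -n 's/^[[:space:]]*wrapper\.java\.additional\.\([0-9][0-9]*\)[[:space:]]*=.*/\1/p' "$1" \
        | sort -n | tail -n 1 | grep . || echo 0
}

# Append the flag unless it is already active. Assumption: existing indexes
# are contiguous, so max+1 neither collides with nor skips an entry.
apply_mitigation() {
    conf="$1"
    idx="$(flag_index "$conf")"
    if [ -n "$idx" ]; then
        echo "already set at index $idx"
        return 0
    fi
    next=$(( $(max_index "$conf") + 1 ))
    cp -p "$conf" "$conf.bak"                 # rollback copy
    # Make sure the new property starts on its own line.
    if [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf 'wrapper.java.additional.%s=%s\n' "$next" "$PROP" >> "$conf"
    echo "added at index $next; restart hcp-server to apply"
}

# Run as: sudo sh script.sh --apply   (then restart the service as shown above)
if [ "${1:-}" = "--apply" ]; then
    apply_mitigation "$CONF"
fi
```

After the restart, `flag_index "$CONF"` printing a number confirms the property is active and not merely present as a commented-out line.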