Log4j released a significant update in version 2.15 to address a major security vulnerability found (see here for more detail). An additional vulnerability was identified & resolved in log4j version 2.16.
The latest version for customers to upgrade their HCP secondary gateway & private clouds is HCP 3.18.3 which contains log4j 2.16.
Some customers are unable to upgrade HCP for multiple reasons but they still want to be protected against the log4j vulnerability.
Customers should add the below line into the config file: /opt/hcp/conf/wrapper-hcp-server.conf
HCP service restart is required after the change has been applied:
sudo systemctl restart hcp-server