Log4j and VMware Tanzu Application Service

This video goes into detail on how to perform application and platform mitigation of the Log4j CVEs using VMware Tanzu Application Service. Please note: This content is relevant as of 12/16/21 and could become outdated due to the ever-changing Log4j situation.

Here are some additional resources regarding this vulnerability:

High-level VMware Security Advisory:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Tanzu Application Service KB:
https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12

Operations Manager KB:
https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105

Buildpack KB:
https://community.pivotal.io/s/article/CVE-2021-44228-Apache-Log4j2-JNDI-Remote-Code-Execution

Apache Log4j security link:
https://logging.apache.org/log4j/2.x/security.html

Example Java code:
https://stackoverflow.com/questions/70317385/gradle-java-how-to-upgrade-log4j-safely/70321593