Log4j and VMware Tanzu Application Service
This video goes into detail on how to perform application and platform mitigation of the Log4j CVEs using VMware Tanzu Application Service. Please note: This content is relevant as of 12/16/21 and could become outdated due to the ever-changing Log4j situation.
Here are some additional resources regarding this vulnerability:
High-level VMware Security Advisory:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Tanzu Application Service KB:
https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12
Operations Manager KB:
https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105
Buildpack KB:
https://community.pivotal.io/s/article/CVE-2021-44228-Apache-Log4j2-JNDI-Remote-Code-Execution
Apache Log4j security link:
https://logging.apache.org/log4j/2.x/security.html
Example Java code:
https://stackoverflow.com/questions/70317385/gradle-java-how-to-upgrade-log4j-safely/70321593