Anyone know if this is something that impacts Cloud director. And so. How to/where to pass log4j2.formatMsgNoLookups=true in the configuration?
CVE-2021-44228
I've been wondering about the same thing - nothing to be seen in any of the log4j communication about Cloud Director, even though the system clearly runs a Java stack, and is explicitly designed to be made accessible from the public Internet (in contrast to most other products).
It seems Cloud Director is "not impacted": https://kb.vmware.com/s/article/87068?lang=en_US
For the latest information regardingCVE-2021-44228 - Remote code execution vulnerability via Apache Log4j - Please go here https://www.vmware.com/security/advisories/VMSA-2021-0028.html
A moderator may move this thread to the area for vCD.