For customers who cannot currently upgrade to the 4.27 patch version, the log4j system property can be used to prevent the vulnerability. To do this, add a Snaplex property with the key jcc.jvm_options and the value -Dlog4j2.formatMsgNoLookups=true. See the Snaplex update docs for details on updating properties.
On saving the Snaplex properties in the Manager, if the nodes are running with slpropz, there will be a UI prompt asking for node restarts with the config change. Accepting that prompt will initiate a rolling restart of the Snaplex nodes with the change. No manual restarts are required.
If the node restart UI prompt does not show up, that means the Snaplex has no nodes or the nodes are running with a global.properties file (the older way of Snaplex configuration, without using slpropz files). To update such nodes with the new property, the /opt/snaplogic/etc/global.properties file has to be updated manually. Add a line like
jcc.jvm_options = -Dlog4j2.formatMsgNoLookups=true
to the file. If a jcc.jvm_options entry already exists, append the new property to it with a space as the delimiter, like
jcc.jvm_options = -Dmykey=myvalue -Dlog4j2.formatMsgNoLookups=true
The JCC then has to be restarted manually. Each node in the Snaplex can be placed into maintenance mode one at a time and then restarted to load the property update.
Note that for nodes using slpropz config, manual restarts are not required. The property updates and rolling restarts are automatic.
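For nodes configured through global.properties, the manual edit described above can be scripted so that it is safe to run repeatedly across nodes. The following is an added example, not SnapLogic's own tooling; the function name ensure_nolookups and the .bak backup file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): idempotently make sure the
# jcc.jvm_options entry in a global.properties file carries the flag.
# Usage after sourcing this file:
#   ensure_nolookups /opt/snaplogic/etc/global.properties

ensure_nolookups() {
    file=$1
    flag='-Dlog4j2.formatMsgNoLookups=true'

    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    tmp=$(mktemp "${file}.XXXXXX") || return 2

    # Three cases, matching the text above:
    #  - entry exists with the flag    -> line left as is
    #  - entry exists without the flag -> flag appended, space-delimited
    #  - no entry at all               -> new line added at end of file
    # Commented-out entries (# jcc.jvm_options ...) are not matched.
    awk -v flag="$flag" '
        /^[ \t]*jcc\.jvm_options[ \t]*=/ {
            seen = 1
            if (index($0, flag) == 0) {
                sub(/[ \t]+$/, "")      # drop trailing blanks first
                $0 = $0 " " flag
            }
        }
        { print }
        END { if (!seen) print "jcc.jvm_options = " flag }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }

    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"                    # nothing to change
        return 0
    fi

    # Keep a backup, then overwrite in place so that the owner and
    # mode of the original file are preserved.
    cp -p "$file" "${file}.bak" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
    return 0
}
```

The script only edits the file; the JCC still has to be restarted node by node as described above for the change to take effect.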