Hi,
Denodo uses an Apache Log4j2 version which is affected by the vulnerability. To mitigate the issue, please add the following property to the JVM options of all Denodo servers:
`-Dlog4j2.formatMsgNoLookups=true`
The Configuration of the JVM Parameters from the Command Line User Guide for [Virtual DataPort](https://community.denodo.com/docs/html/browse/8.0/en/platform/installation/denodo_platform_control_center/configuration_of_the_jvm_parameters_from_the_command_line/configuration_of_the_jvm_parameters_from_the_command_line) and [Solution Manager](https://community.denodo.com/docs/html/browse/8.0/en/solution_manager/installation/denodo_platform_control_center/configuration_of_the_jvm_parameters_from_the_command_line/configuration_of_the_jvm_parameters_from_the_command_line) explain how this can be done. After adding the property to `java.env.DENODO_OPTS_START` of all Denodo tools and servers, running the `regenerateFiles` script, and restarting all servers, the vulnerability is no longer exploitable.
If you have a valid support account, you can open a support case for more information.
Hope this helps!
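
A way to check that the steps in the answer above took effect, as an added example that is not part of the original answer or of Denodo's tooling. It assumes you pass the paths of the configuration files that define `java.env.DENODO_OPTS_START` as arguments (the answer does not list them), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Denodo tooling; function names are made up for this sketch.
PROP='-Dlog4j2.formatMsgNoLookups'
KEY_RE='^[[:space:]]*java\.env\.DENODO_OPTS_START[[:space:]]*[=:]'

# Succeeds only if the LAST occurrence of the option in "$1" is "=true";
# when a -D option is repeated, the JVM keeps the final value.
has_flag() {
    last=
    set -f                                   # no globbing while word-splitting
    for tok in $1; do
        case $tok in "$PROP"=*) last=${tok#*=} ;; esac
    done
    set +f
    [ "$last" = true ]
}

# Prints OK / MISSING / NOKEY for one properties file (returns 0 / 1 / 2).
check_props_file() {
    # Last uncommented definition wins; drop CRs and the backslash escapes
    # (\= \:) that Java-written .properties files may carry.
    line=$(grep -E "$KEY_RE" "$1" | tail -n 1 | tr -d '\r' |
           sed 's/\\\([=:#!]\)/\1/g' || true)
    if [ -z "$line" ]; then echo "NOKEY $1"; return 2; fi
    if has_flag "${line#*[=:]}"; then echo "OK $1"; return 0; fi
    echo "MISSING $1"; return 1
}

# Lists running java processes whose command line lacks the option, which
# catches a server that was edited but not regenerated or restarted.
# Heuristic: matches any command line containing "java", not only Denodo.
scan_running_jvms() {
    ps -e -o pid= -o args= | while read -r pid args; do
        case $args in
            *java*) has_flag "$args" || echo "UNPROTECTED pid=$pid" ;;
        esac
    done
}

# Usage: sh check_nolookups.sh <properties-file>...
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do check_props_file "$f" || rc=1; done
    scan_running_jvms
    exit "$rc"
fi
```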