For those of you locally hosted, how are you mitigating the Log4j zeroday? Per eCW’s security notification, they are addressing this for their hosted customers—for locally hosted they gave a generic “Add logj42.formatMsgNoLookups=true” w/out describing where to implement that.
Successfully added to the log4j.properties file and added to the tomcat service startup commands—but that hasn’t closed the vulnerability from my testing.