Hi @Mohammad_Ullah ,
None of the 2.33 patches have this vulnerability, as far as we are aware, as they all use an older version of Log4j (which doesn’t contain the exploit). It is fine to add the JVM parameter as a precaution, of course.
We will continue to communicate security issues, in a responsible manner, as we are aware of them. Please feel free to subscribe to the dhis2-security tag on the CoP (see New 'dhis2-security' tag for all important security alerts!) if you wish to recieve notifications for related posts.
Kind regards,
Phil