Log4j Exploit 0-Day
The Omada SDN software includes the vulnerable Log4j java files. Hopefully TP-Link provides a patch soon as all information indicates this 0-Day is being actively exploited, what that means to the Omada SDN is not exactly known.
As a quick update and NO WARRANTY on this information is expressed.
Following the same advice given to Ubiquiti users on their forums before they released a release candidate patch you can stop the Omada software, replace the log4j java files and then re-start the controller. I have verified this appears to not cause any issues on my controller, of course this only works if you are hosting on Windows or Linux. Thank you to leonardogyn on the Unifi forums.
downloaded 2.15.0 log4j zip/tgz package from the apache log4j repository
extracted the file
stopped the Omada SDN Controller
moved the newly extracted files
to <Omada SDN>/lib/ *BUT* renaming them to overwrite the existing 2.13.3 files. You can't get them with their 2.15.0 names there, you need to overwrite the existing 2.13.3 files with the newer ones.
5) once log4j*jar files are replaced, just restart the Controller, and you're good to go!