PXF is not exposed to the CVE-2021-44832

Article ID: 296589

Updated On:

Products

VMware Tanzu Greenplum, VMware Tanzu Greenplum / Gemfire, VMware Tanzu Data Suite

Issue/Introduction

VMware has released PXF 6.2.1 and GPText 3.8.1, which are available in the latest VMware Tanzu Greenplum releases (5.29.2 & 6.19.0).

These two versions update the Apache Log4j component to 2.16.0, which addresses both CVEs covered in this article.

However, it is stated here that only Apache Log4j 2.17.1 is actually safe.

Resolution

In the default configuration, PXF is not exposed to CVE-2021-44832, which is fixed in Apache Log4j 2.17.1.

Note that the future PXF release 6.2.3 will ship with Apache Log4j 2.17.1.