Has anyone been able to get a response from Atlassian or seen any press release or info about what Atlassian is doing about Apache Log4j2 vulnerability? I opened a ticket yesterday and because of the level of severity was shown we would be contacted within 2 hours. It's been a day.
They have the following FAQ page:
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
There is also this page, which addresses 3rd-party apps:
From what I can read, the version of log4j that Atlassian uses for on-prem systems is not vulnerable out of the box. If you are running on-prem, you can configure it to be vulnerable, but you have to perform multiple steps to do so.
They have already mitigated the vulnerability in cloud, so it is no longer a concern.
You can read up on it here: https://thejiraguy.com/2021/12/15/log4shell/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.