Apache Log4j2 vulnerability

Has anyone been able to get a response from Atlassian or seen any press release or info about what Atlassian is doing about Apache Log4j2 vulnerability? I opened a ticket yesterday and because of the level of severity was shown we would be contacted within 2 hours. It's been a day.

2 answers

1 vote

They have the following FAQ page:

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

There is also this page, which addresses 3rd-party apps:

https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

From what I can read, the version of log4j that Atlassian uses for on-prem systems is not vulnerable out of the box. If you are running on-prem, you can configure it to be vulnerable, but you have to perform multiple steps to do so.

They have already mitigated the vulnerability in cloud, so it is no longer a concern.

You can read up on it here: https://thejiraguy.com/2021/12/15/log4shell/

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Apache Log4j2 vulnerability

2 answers

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

VERSION

TAGS

Community showcase

Atlassian Community Events