Hi,
I am running the latest Jira Software LTS version 9.4.6.
It is currently being flagged for a Log4j vulnerability for having 1.2.17.
The fixed version for the vulnerability is 2.16.0.
When will an LTS fix be available, and will this vulnerability only be fixed when a new Jira version with Log4j 2.16.0 is out?
Thank you.
Hi @Alvin Koh, welcome to the Atlassian community.
As per the Atlassian ticket below, you need to upgrade Jira to 9.5.0 to get Log4J updated to >= 2.17.2. But this is not an LTS release, and I think an LTS release with a version higher than 9.5 will take some time to be released. LTS 9.4.7 has also been released, but I think Log4J >= 2.17.2 is fixed from version 9.5.x only.
https://jira.atlassian.com/browse/JRASERVER-62838
https://confluence.atlassian.com/jirasoftware/jira-software-9-4-x-release-notes-1178869757.html
Also, I would recommend creating a ticket with Atlassian to confirm the same with them, and whether there is any workaround apart from upgrading Jira to 9.5.0, which is not an LTS version.