Hi all,
Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.
More information can be found on our advisory page, as well as the previously-published FAQ:
Thanks,
Daniel Eads | Atlassian Support
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
https://stackoverflow.com/questions/70334503/cve-2021-44228-and-log4j-1-2-17
As log4j 1.x does not offer a look-up mechanism, it does not suffer from CVE-2021-44228. However, note that log4j 1.x is no longer being maintained.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @svnc
You may check the information provided by Atlassian in the following link: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html. Basically, only if you have org.apache.log4j.net.JMSAppender in your log4j, you may be vulnerable. The mitigation is to disable this temporarily.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Show up and give back by attending an Atlassian Community Event: we’ll donate $10 for every event attendee in March!
Join an Atlassian Community Event!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.