Hi
pls provide the impact of log4j issue on below bamboo plugins
Stellarity Software | PowerShell Task for Bamboo (Server) |
AutoTestingTools | UFT for Bamboo for Bamboo (Server) |
Mibex Software GmbH | Sonar for Bamboo for Bamboo (Server) |
Apps are affected because they use Bamboo's log4j implementation, they don't re-invent the wheel.
See https://community.atlassian.com/t5/Trust-Security-articles/Atlassian-s-Response-to-Log4j-CVE-2021-44228/ba-p/1886598 for more.
Exactly, most apps will use Bamboo's logging infrastructure, so the Atlassian report applies.
This applies for our Sonar for Bamboo Server as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PowerShell Task for Bamboo (Server) uses Bamboo's log4j facility and doesn't make any changes to it, adds JMS Appender or includes javax.jms API in the CLASSPATH. So you're safe unless someone has write access to the Bamboo's log4j.properties file.
Also read FAQ for CVE-2021-44228 from Atlassian.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.