CVE-2021-44228

Maria Castillo Lopez December 16, 2021

Hello Atlassian team, 

I would like to know what the steps are to apply this manual remediation:

"The simplest remediation is to set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster.
For Elasticsearch 5.6.11+, 6.4+, and 7.0+, this provides full protection against the RCE and information leak attacks."

Which has been mentioned on the site: https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html?utm_source=alert-email&utm_medium=email&utm_campaign=Bitbucket%20Server%20and%20Data%20Center-advisory_december-2021_EML-12112&jobid=105331767&subid=1615953481

Since my product is Only Read Access, I have disabled the following services, is this useful?

Atlassian Bitbucket Elasticsearch 6.5.3 (AtlassianBitbucketElasticsearch)

Atlassian Bitbucket AtlassianBitbucket

Regards,

0 answers
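
The remediation quoted in the question, as an added example that is not part of the original post or of Atlassian's advisory: a shell helper that sets `-Dlog4j2.formatMsgNoLookups=true` idempotently and replaces a conflicting `=false` entry. It assumes the Elasticsearch node reads its JVM flags from a `jvm.options` file whose path the caller supplies; the function names are illustrative, and the node still needs the restart the quoted text calls for.

```shell
#!/usr/bin/env bash
# Added example: enforce the Log4j lookup mitigation flag in a jvm.options file.
# Assumption: the node's JVM flags live in the jvm.options file passed as $1.

FLAG='-Dlog4j2.formatMsgNoLookups'
FLAG_RE='-Dlog4j2\.formatMsgNoLookups'   # same flag, dot escaped for grep -E

# Succeeds only if an active (uncommented) line sets the flag to true.
has_mitigation() {
    grep -Eq "^[[:space:]]*${FLAG_RE}=true[[:space:]]*$" "$1"
}

# Ensures the flag is set to true exactly once.
# Prints "unchanged", "replaced" or "added"; prints "missing" and fails if no file.
apply_mitigation() {
    local file="$1" tmp result
    [ -f "$file" ] || { echo "missing"; return 1; }

    # Nothing to do when the only active setting of the flag is already =true.
    if has_mitigation "$file" &&
       [ "$(grep -Ec "^[[:space:]]*${FLAG_RE}=" "$file")" -eq 1 ]; then
        echo "unchanged"
        return 0
    fi

    cp -p "$file" "${file}.bak" || return 1   # backup for rollback
    tmp="$(mktemp)" || return 1

    result="added"
    grep -Eq "^[[:space:]]*${FLAG_RE}=" "$file" && result="replaced"

    # Drop every active line that sets the flag (any value), keep comments,
    # then append the single correct setting.
    grep -Ev "^[[:space:]]*${FLAG_RE}=" "$file" > "$tmp" || true
    printf '%s=true\n' "$FLAG" >> "$tmp"

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
    echo "$result"
}
```

After restarting the node, checking the running Java process's command line for the flag confirms that the file edited is the one the service actually loads.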

DEPLOYMENT TYPE
SERVER