Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,360,197
Community Members
 
Community Events
168
Community Groups

Is version 7.5.1 vulnerable to log4j exploit?

Is version 7.5.1 vulnerable to log4j exploit?

2 answers

1 vote
Daniel Eads Atlassian Team Dec 15, 2021

Hi all,

Daniel from Atlassian Support - I'd like to let you know that we have updated the advisory to include more information about Bitbucket Server, Bitbucket Data Center, and the bundled elasticsearch product. Please refer to the advisory for the most current guidance:

Thanks,
Daniel Eads | Atlassian Support 

0 votes

Hi @Robert Eanes ,

B

itbucket is NOT affected.

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

I see Bitbucket Server/Data Center isn't in the list of products using Log4j but I can see Log4j JAR files in my installation directory, is my instance vulnerable?

No. Neither Bitbucket Server nor Data Center use Log4j, they use Logback.

 

Hope this helps,

Fabio

Bitbucket allows you to run an external Elasticsearch environment instead of the bundled version, so ensure you check the Elasticsearch config/version/exposure as well as the main product.

CCM

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

3,470 views 3 10
Read article

Atlassian Community Events