Hi all,
Daniel from Atlassian Support - I'd like to let you know that we have updated the advisory to include more information about Bitbucket Server, Bitbucket Data Center, and the bundled elasticsearch product. Please refer to the advisory for the most current guidance:
Thanks,
Daniel Eads | Atlassian Support
Hi @Robert Eanes ,
B
itbucket is NOT affected.
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
I see Bitbucket Server/Data Center isn't in the list of products using Log4j but I can see Log4j JAR files in my installation directory, is my instance vulnerable?
No. Neither Bitbucket Server nor Data Center use Log4j, they use Logback.
Hope this helps,
Fabio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Bitbucket allows you to run an external Elasticsearch environment instead of the bundled version, so ensure you check the Elasticsearch config/version/exposure as well as the main product.
CCM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.