Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,465,872
Community Members
 
Community Events
176
Community Groups

Log4shell vulnerability?

Duncan Pierce
Duncan Pierce Dec 13, 2021

Hi,

Has Bitbucket (or any of the other Atlassian products required to use it) been affected by the recent "log4shell" vulnerability in Log4J?

Thanks for your help!

Answer
Watch
Like Nikki Zavadska _Appfire_ likes this
2677 views

4 answers

2 accepted

3 votes
Answer accepted
Daniel Eads
Daniel Eads Atlassian Team Dec 13, 2021 • edited

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

Reply
2 votes
Answer accepted
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_ Community Leader Dec 13, 2021

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

View More Comments
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_ Community Leader Dec 13, 2021

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Like Dave Liao likes this
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_ Community Leader Dec 13, 2021

☝️above is information for data-centre and server

In terms of Cloud there is a mention in FAQ that Atlassian security team is investigating the impact on Cloud but nothing specific is mentioned there yet.

Like Dave Liao likes this
Reply
1 vote
Alex Young
Alex Young Dec 13, 2021

ElasticSearch in our BitBucket has the affected JAR files

Screenshot 2021-12-13 111432.png

 

But Atlassian are saying Bitbucket is not affected?

Whats the deal please?

Reply
0 votes
ltoinel
ltoinel Dec 13, 2021

Hi, My Confluence instance used for an Opensource project has been hacked since the 22th November.

  • A cryptojacker installed a /tmp/.solr/solrd process to mine cryptomoney.
  • A new attack has been detected the 5th december. A ransomware crypted the data of my confluence database.

    Take care of your instances publicly available from Internet ! 
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS

Atlassian Community Events

See all events