Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,872
Community Members
 
Community Events
176
Community Groups

Log4shell vulnerability?

Hi,

Has Bitbucket (or any of the other Atlassian products required to use it) been affected by the recent "log4shell" vulnerability in Log4J?

Thanks for your help!

4 answers

2 accepted

3 votes
Answer accepted

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

2 votes
Answer accepted

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Like Dave Liao likes this

☝️above is information for data-centre and server

In terms of Cloud there is a mention in FAQ that Atlassian security team is investigating the impact on Cloud but nothing specific is mentioned there yet.

Like Dave Liao likes this

ElasticSearch in our BitBucket has the affected JAR files

Screenshot 2021-12-13 111432.png

 

But Atlassian are saying Bitbucket is not affected?

Whats the deal please?

Hi, My Confluence instance used for an Opensource project has been hacked since the 22th November.

  • A cryptojacker installed a /tmp/.solr/solrd process to mine cryptomoney.
  • A new attack has been detected the 5th december. A ransomware crypted the data of my confluence database.

    Take care of your instances publicly available from Internet ! 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events