Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Log4shell vulnerability?

Duncan Pierce
Duncan Pierce
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 13, 2021

Hi,

Has Bitbucket (or any of the other Atlassian products required to use it) been affected by the recent "log4shell" vulnerability in Log4J?

Thanks for your help!

Answer
Watch
Like Nikki Zavadska _Appfire_ likes this
3236 views

4 answers

2 accepted

3 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 13, 2021

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

Reply
2 votes
Answer accepted
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_
Community Champion
December 13, 2021

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

View More Comments
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_
Community Champion
December 13, 2021

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Like Dave Liao likes this
Nikki Zavadska _Appfire_
Nikki Zavadska _Appfire_
Community Champion
December 13, 2021

☝️above is information for data-centre and server

In terms of Cloud there is a mention in FAQ that Atlassian security team is investigating the impact on Cloud but nothing specific is mentioned there yet.

Like Dave Liao likes this
Reply
1 vote
Alex Young
Alex Young December 13, 2021

ElasticSearch in our BitBucket has the affected JAR files

Screenshot 2021-12-13 111432.png

 

But Atlassian are saying Bitbucket is not affected?

Whats the deal please?

Reply
0 votes
ltoinel
ltoinel
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 13, 2021

Hi, My Confluence instance used for an Opensource project has been hacked since the 22th November.

  • A cryptojacker installed a /tmp/.solr/solrd process to mine cryptomoney.
  • A new attack has been detected the 5th december. A ransomware crypted the data of my confluence database.

    Take care of your instances publicly available from Internet ! 
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security