Hi,
We're using BitBucket Server 7.17.10 which comes with bundled elastic search for our internal projects. A recent security scan has shown that our BB contains vulnerable version of log4j 2.11.1.jar in its bundled elastic search
/opt/atlassian/bitbucket/7.17.10/elasticsearch/lib/log4j-core-2.11.1.jar
I could see that in $BITBUCKET_HOME/shared/search/jvm.options
-Dlog4j2.disable.jmx=true
Does this log4j version of bundled elastic search has any potential impact and do we need to take any action to mitigate this?
Please advice