Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

/atlassian/.hold/syslog-ng needs to be removed

Tony Ly
Tony Ly May 11, 2022

Hi, 

I'm running Confluence server and our IT department just let me know that /atlassian/.hold/syslog-ng needs to be removed because it contains log4j. We only have a production server so I can't test how removing that will affect the server.. 

Is there a fix for that vulnerability? How should I resolve this issue?

Thanks!

Tony

Answer
Watch
Like Be the first to like this
258 views

2 answers

0 votes
Thiago Masutti
Thiago Masutti
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 11, 2022

syslog-ng isn't part of Confluence.

Talk to your IT department to better understand what is actually vulnerable and the options you may have

Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 11, 2022

If you remove it, your Confluence will stop working properly.

You should look at the vulnerability, check if you are actually affected by it, look at the amelioration options, and probably go with the most simple ones of firewalling, trusting your admins, or upgrading Confluence.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events