Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Crowd
Questions
Log4J Vulnerability located in Atlassian/Crowd

Log4J Vulnerability located in Atlassian/Crowd

I am getting prompts that my version of Atalassian Crowd has vulnerable Log4J files in it - how can we remedy?

1 answer

1 vote

Hi there

You should check out Atlassian's response to Log4Shell: Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228

Crowd should not be affected to my knowledge. Out of curiosity, where do you get the prompt from?

Cheers
Niklas

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Azure/Windows Defender security.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

That link does not seem to work for me.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

What does the link say? What do you mean by Azure/Windows Defender security?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I'm getting flagged through Nessus. I downloaded the latest crowd version (5.0.0) and Nessus is flagging the Log4j package (1.2.17) as being an unsupported version of Log4j. Just an FYI, see: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS