Hi there, my name is Andrzej Kotas and I am part of Jira’s product team. As we develop Jira, security is always top of mind and Atlassian remains committed to delivering secure, reliable software solutions to enable you to focus on meeting your core business goals. This is why I am pleased to share an update to our fork of Log4j.
As many of you may recall, the critical Log4Shell vulnerability (CVSS 10.0) struck the IT industry in December of 2021. While Log4j 1 has reached end of life and is no longer maintained by the Apache Software Foundation, Jira Server and Data Center still rely heavily on the library.
As a solution, we created our own fork of Log4j 1, atlassian/log4j1, aiming to resolve security vulnerabilities as they appear and provide the best possible performance while maintaining backward compatibility with the original library. Our in-house maintained branch of Log4j 1 is not vulnerable to Log4Shell.
However, this vulnerability amplified the need for the 2.x update across the industry, including Jira. In order to take the extra step to ensure continued compliance, we announced in August that we would upgrade Log4j to >= 2.17.2 within an expedited timeframe. Knowing this would be a breaking change, we wanted to make sure we mitigated the impact on the Ecosystem.
Customers wanting to remove atlassian/log4j1 from their surface may now do so with the 9.5 / 5.5 upgrade. Download Jira Software 9.5 or Jira Service Management 5.5. Please note these upgrades include breaking changes.
Customers who do not wish to upgrade to Log4j 2 at this time may remain on their supported version. The next Jira LTS (planned for later in 2023) will include the Log4j 2 upgrade.
Should you require more details about the technical aspects of the change, or need to upgrade your plugin, application, or in-house solution, please make sure to consult
The Jira 9.5 / JSM 5.5 release is not only a Log4j upgrade; we’re happy to present
Thank you for being part of the Data Center community and please share any questions in the comments below.