Hello,
today the security vulnerability in Apache Log 4j was announced.
After checking all our systems the Jira Core Server a plugin is affected.
See log:
"D:\00_System\Atlassian\Jira\plugins\.osgi-plugins\felix\felix-cache\bundle219\version0.0\bundle.jar-embedded\META-INF\lib\log4j-api-2.6.1.jar"
Do you already have a solution for the vulnerability?
Please send us urgent feedback
Hi all,
Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.
More information can be found on our advisory page, as well as the previously-published FAQ:
Thanks,
Daniel Eads | Atlassian Support
@Pascal Engel I have not seen an announcement for a fix for that issue yet. You can see a list of security announcement fixes here: https://www.atlassian.com/trust/security/advisories
They did post this today so they are aware of the issue and are working on it. - https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.