security vulnerability

Hello,

today the security vulnerability in Apache Log 4j was announced.
After checking all our systems the Jira Core Server a plugin is affected.

See log:

"D:\00_System\Atlassian\Jira\plugins\.osgi-plugins\felix\felix-cache\bundle219\version0.0\bundle.jar-embedded\META-INF\lib\log4j-api-2.6.1.jar"

Do you already have a solution for the vulnerability?

Please send us urgent feedback

2 answers

1 vote

Answer accepted

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

0 votes

Answer accepted

@Pascal Engel I have not seen an announcement for a fix for that issue yet. You can see a list of security announcement fixes here: https://www.atlassian.com/trust/security/advisories

They did post this today so they are aware of the issue and are working on it. - https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

SERVER