Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

We didn't find string “org.apache.log4j.net.JMSAppender" in our server. Is it unaffected by Log4J?

Srijana Acharya
Srijana Acharya December 27, 2021

Hi Atlassian Support team,

We followed the steps to check our Jira & Confluence Server to identify the Log4J vulnerability. However, we just found the files with WEB-INF/lib/log4j2-stacktrace-origins-2.2-atlassian-2.jar where the String "org.apache.log4j.net.JMSAppender" was not examined. 

We further followed on the similar Question here: Solved: Is log4j2-stacktrace-origins-2.2-atlassian-2.jar v.. But the exact suggestion is not provided.

Thus, not finding the net.JMSAppender string means that the Server is out of Log4J risks?

Thanks a lot for the Support!

 

 

Answer
Watch
Like Be the first to like this
526 views

1 answer

1 accepted

0 votes
Answer accepted
Jack Brickey
Jack Brickey
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 27, 2021

I would refer you to the following:

View More Comments
Srijana Acharya
Srijana Acharya December 27, 2021

Hi @Jack Brickey

Thanks for the response. 

We've done the manual testing and didn't find the mentioned string. Now we'll opt for upgrading the Log4J version to 2.17.0. This might ascertain us about the mitigation of vulnerability issue. 

Best Regards,

Srijana

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events