Hi Atlassian Support team,
We followed the steps to check our Jira & Confluence Server to identify the Log4J vulnerability. However, we just found the files with WEB-INF/lib/log4j2-stacktrace-origins-2.2-atlassian-2.jar where the String "org.apache.log4j.net.JMSAppender" was not examined.
We further followed on the similar Question here: Solved: Is log4j2-stacktrace-origins-2.2-atlassian-2.jar v.. But the exact suggestion is not provided.
Thus, not finding the net.JMSAppender string means that the Server is out of Log4J risks?
Thanks a lot for the Support!
I would refer you to the following:
Thanks for the response.
We've done the manual testing and didn't find the mentioned string. Now we'll opt for upgrading the Log4J version to 2.17.0. This might ascertain us about the mitigation of vulnerability issue.
Best Regards,
Srijana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.