Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Does anyone know what the recommended action is for log4shell alert

Edited
Tom Lister Community Leader Dec 13, 2021

Hi

Should we be replacing the log4j library on our servers or waiting for an Atlassian release.

Does this even affect Jira and Confluence?

https://nakedsecurity.sophos.com/2021/12/10/log4shell-java-vulnerability-how-to-safeguard-your-servers/

 

 

2 answers

1 accepted

2 votes
Answer accepted

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Like # people like this

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you