Log4j Version ?

Hi @Venkata Surendra Kumar 👋

Welcome to the Community! Please see below Atlassian's response to Log4j (CVE-2021-44228) from @Jodie Vlassis. 

On December 9, Atlassian became aware of the vulnerability CVE-2021-44228 - Log4j.

Impact on Cloud Products

This vulnerability has been mitigated for all Atlassian cloud products previously using vulnerable versions of Log4j. To date, our analysis has not identified compromise of Atlassian systems or customer data prior to the patching of these systems. Atlassian customers are not vulnerable, and no action is required.

Impact on On-Premises Products

No Atlassian on-premises products are vulnerable to CVE-2021-44228.

Some on-premises products use an Atlassian-maintained fork of Log4j 1.2.17, which is not vulnerable to CVE-2021-44228. We have done additional analysis on this fork and confirmed a new but similar vulnerability that can only be exploited by a trusted party. For that reason, Atlassian rates the severity level for on-premises products as low.

 

For further detailed information, please visit;

https://confluence.atlassian.com/display/SECURITY/Multiple+Products+Security+Advisory+-+Log4j+Vulnerable+To+Remote+Code+Execution+-+CVE-2021-44228

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

I hope this helps but if you have any other questions just ask away 😃

All the best,

Laura

Hi @Venkata Surendra Kumar ,

All information regarding Log4J and the possible vulnerability can be found here

https://community.atlassian.com/t5/Trust-Security-articles/Atlassian-s-Response-to-Log4j-CVE-2021-44228/ba-p/1886598