Hi Team,
Currently we are using Jira Software (v8.5.3).
I would like to know which version is used Log4j in Jira Software(v8.5.3)
Hi @Venkata Surendra Kumar 👋
Welcome to the Community! Please see below Atlassian's response to Log4j (CVE-2021-44228) from @Jodie Vlassis.
On December 9, Atlassian became aware of the vulnerability CVE-2021-44228 - Log4j.
Impact on Cloud Products
This vulnerability has been mitigated for all Atlassian cloud products previously using vulnerable versions of Log4j. To date, our analysis has not identified compromise of Atlassian systems or customer data prior to the patching of these systems. Atlassian customers are not vulnerable, and no action is required.
Impact on On-Premises Products
No Atlassian on-premises products are vulnerable to CVE-2021-44228.
Some on-premises products use an Atlassian-maintained fork of Log4j 1.2.17, which is not vulnerable to CVE-2021-44228. We have done additional analysis on this fork and confirmed a new but similar vulnerability that can only be exploited by a trusted party. For that reason, Atlassian rates the severity level for on-premises products as low.
For further detailed information, please visit;
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
I hope this helps but if you have any other questions just ask away 😃
All the best,
Laura
All information regarding Log4J and the possible vulnerability can be found here
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.