Welcome to the Community! Please see below Atlassian's response to Log4j (CVE-2021-44228) from @Jodie Vlassis.
On December 9, Atlassian became aware of the vulnerability CVE-2021-44228 - Log4j.
Impact on Cloud Products
This vulnerability has been mitigated for all Atlassian cloud products previously using vulnerable versions of Log4j. To date, our analysis has not identified compromise of Atlassian systems or customer data prior to the patching of these systems. Atlassian customers are not vulnerable, and no action is required.
Impact on On-Premises Products
No Atlassian on-premises products are vulnerable to CVE-2021-44228.
Some on-premises products use an Atlassian-maintained fork of Log4j 1.2.17, which is not vulnerable to CVE-2021-44228. We have done additional analysis on this fork and confirmed a new but similar vulnerability that can only be exploited by a trusted party. For that reason, Atlassian rates the severity level for on-premises products as low.
For further detailed information, please visit;
I hope this helps but if you have any other questions just ask away 😃
All the best,
All information regarding Log4J and the possible vulnerability can be found here
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events