CVE-2021-44228 Log4j Vulnerable To Remote Code Execution
By Andreas Spall (evolu.software)
Release Date | Dec 22, 2021 |
|---|---|
CVE ID |
We do not include our own log4j in our apps. The logging is done by the logging functionality provided by Atlassian.
This means: Our apps would only be affected by the log4j vulnarability if Jira/Confluence was. This - according to Atlassian - is not the case. You can find more information about this in this FAQ: Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 | Atlassian Support | Atlassian Documentation
We have not implemented the configuration described there: Developer Documentation - Using your own log4j configuration for your plugin . We think apps that have followed this documentation may cause problems.
, multiple selections available,
Related content
Troubleshooting - 'create' returns a warn message
Troubleshooting - 'create' returns a warn message
More like this
Rest API - Metadata for Jira 4.7 pre-rendered
Rest API - Metadata for Jira 4.7 pre-rendered
More like this
How-to fix /auditing/view returns 500 Error Page
How-to fix /auditing/view returns 500 Error Page
More like this
Rest API - Metadata for Jira 5.2 pre-rendered
Rest API - Metadata for Jira 5.2 pre-rendered
More like this
Rest API - Metadata for Jira 5.1 pre-rendered
Rest API - Metadata for Jira 5.1 pre-rendered
More like this
Rest API - Metadata for Jira 5.3 pre-rendered
Rest API - Metadata for Jira 5.3 pre-rendered
More like this