1. Kupper Software Avatar Kupper Software
  2. Marketplace
  3. Macro Usage
  4. Issues

Impact of log4j on macro uage plugin

Issue #7 resolved
Srikailash created an issue

Hello,  

This is regarding remote code execution vulnerability (CVE-2021-44228) in Apache Log4j which is an open-source logging utility.   

We have multiple plugins installed in our Jira (v8.13.10) and Confluence (v7.4.3) Applications from Atlassian marketplace.   

Our concern here is regarding the below plugins and its version:  

==========  

Macro usage - version 1.3.1 (SEN-20211665)

==========  

Could you please confirm whether these listed plugins version are using Log4j? If yes, then what version of log4j and whether it is vulnerable or not?   

Please let us know what precautions or preventive measures we need to take on this.   

Thanks

Comments (2)

  1. Kupper Software

    Response sent by mail in the same day but I missed it in the ticket.

    Hi Srilailash,

    many thanks for reaching out.

    Kupper apps for Cloud, Server and Data center are not vulnerable to CVE-2021-44228.

    Also, Atlassian actively scans third-party apps to determine if they are vulnerable. 

    And, we do not have any related issues.

    Many thanks,

    Best regards,

    Tina

  3. Log in to comment
Assignee
Type
bug
Priority
blocker
Status
resolved
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!