Urgent Security vulnerability reference to Apache Zero-Day Log4J vulnerability (CVE-2021-44228), Is our Plugin impacted?
Issue #33
resolved
Hi Support team,
Please treat this as the highest priority as this is a worldwide security vulnerability.
We need to determine if we are impacted and what the patch is to secure our systems. Please provide the step-by-step document for the patch.
Here are some links for reference:
Here is the CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Here is the Apache Log4j details: https://logging.apache.org/log4j/2.x/security.html
Version: 1.4.2
Thanks in advance!
Regards, Gowri
Comments (2)
- changed status to resolved
Hi Gowri,
All plugins from Wombats Corp do not use Log4j explicitly, only SLF4J.
The Log4j library is expected to be provided by the Jira (or Confluence) application.
The version of Log4j library that is expected: 1.2.16
Based on the official report from Log4j:
-> Risk is lower (1), still exists if JMS Appender is in use (2)
Our plugins use the 1.x version (implicitly) and do not use JMSAppender.
In conclusion, plugins from Wombats Corp are not affected by CVE-2021-44228.
Best Regards,
Roman
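The two conditions discussed in the reply above (which Log4j line is on the classpath, and whether JMSAppender is configured) can be checked on an installation directly. The following is an added example, not code from Wombats Corp or Atlassian: it assumes Log4j 1.x configuration lives in files named `log4j.properties` or `log4j.xml`, and the finding labels and the sample directory tree are constructed for illustration.

```python
import re
import zipfile
from pathlib import Path

# Real class names; the finding labels used below are hypothetical.
JMS_APPENDER = "org.apache.log4j.net.JMSAppender"  # Log4j 1.x appender class
JMS_CLASS = "org/apache/log4j/net/JMSAppender.class"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # Log4j 2.x
CONFIG_NAMES = {"log4j.properties", "log4j.xml"}  # assumed config file names

def active_lines(text):
    """Return config lines that are not XML or properties comments."""
    text = re.sub(r"<!--.*?-->", "", text, flags=re.S)
    return [l for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", "!"))]

def audit(root):
    """Return (file name, finding) pairs for jars and Log4j 1.x configs under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix == ".jar" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as jar:
                names = set(jar.namelist())
            if JNDI_LOOKUP in names:  # the class behind CVE-2021-44228
                findings.append((path.name, "log4j2-jndilookup-present"))
            if JMS_CLASS in names:  # Log4j 1.x: only a risk if configured
                findings.append((path.name, "log4j1-jar-present"))
        elif path.name in CONFIG_NAMES:
            text = path.read_text(errors="replace")
            if any(JMS_APPENDER in l for l in active_lines(text)):
                findings.append((path.name, "jmsappender-configured"))
    return findings

def build_sample(root, jms_active):
    """Constructed sample tree standing in for an application install directory."""
    root = Path(root)
    (root / "lib").mkdir(parents=True)
    with zipfile.ZipFile(root / "lib" / "log4j-1.2.16.jar", "w") as jar:
        jar.writestr(JMS_CLASS, b"")  # empty placeholder entry, not a real class
    prefix = "" if jms_active else "#"
    (root / "log4j.properties").write_text(
        "log4j.rootLogger=WARN, console\n"
        "log4j.appender.console=org.apache.log4j.ConsoleAppender\n"
        f"{prefix}log4j.appender.jms={JMS_APPENDER}\n")
    return root
```

Jars nested inside other archives and appenders attached programmatically are not covered by this scan, so a clean result narrows the question rather than closing it.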