wombatscorp / API Tokens for Jira / issues / #35 - Urgent Security vulnerability reference to Apache Zero-Day Log4J vulnerability" (CVE-2021-45046), Is our plugin impacted? — Bitbucket

Issue #35 closed

Former user created an issue 2021-12-20

Hi Support team,

Please treat this as the highest priority as this is a worldwide security vulnerability.

We need to determine if we are impacted and what is the patch to secure our systems? please provide the step by step document for the patch.

here are some link for the reference:

Here is the CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

Thanks in Advance!

Regards, Gowri

Comments (2)

Roma Bubyakin [Wombats Corp]
Hello Gowri,

For logging API Tokens for Jira use log4j implicitly as a provided dependency from your Jira application.

The only thing that is needed is to use a safe version of the log4j library in your application (follow Atlassian’s official page).

Additionally, the plugin also does not use JMXAppender, which might be an issue for log4j 1.x libraries.

Best Regards, Roman

‌

‌
- 2021-12-20T10:03:37+00:00
Roma Bubyakin [Wombats Corp]
- changed status to closed
- 2021-12-20T10:03:50+00:00
Log in to comment

Assignee: –

Type: bug

Priority: critical

Status: closed

Votes: 0

Watchers: None