Urgent Security vulnerability reference to Apache Zero-Day Log4J vulnerability" (CVE-2021-45046), Is our plugin impacted?
Issue #35
closed
Hi Support team,
Please treat this as the highest priority as this is a worldwide security vulnerability.
We need to determine if we are impacted and what is the patch to secure our systems? please provide the step by step document for the patch.
here are some link for the reference:
Here is the CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
Thanks in Advance!
Regards, Gowri
Comments (2)
-
-
- changed status to closed
- Log in to comment
Hello Gowri,
For logging API Tokens for Jira use log4j implicitly as a provided dependency from your Jira application.
The only thing that is needed is to use a safe version of the log4j library in your application (follow Atlassian’s official page).
Additionally, the plugin also does not use JMXAppender, which might be an issue for log4j 1.x libraries.
Best Regards, Roman