wombatscorp / API Tokens for Jira / issues / #36 - impact of log4j vulnerability — Bitbucket

Issue #36 closed

Deepak Prakash created an issue 2021-12-21

Hi Team,
We are using Jira Data Centre version 8.13.13. We just want to know if the log4j vulnerability is applicable to your plugin “API Tokens for Jira“.
If yes then let us know when the patch version will be released ?
Please let us know at the earliest.
Thank You in advance

Comments (2)

Roma Bubyakin [Wombats Corp]
Hi Deepak,

For logging API Tokens for Jira use log4j implicitly as a provided dependency from your Jira application.

The only thing that is needed is to use a safe version of the log4j library in your application (follow Atlassian’s official page).

Additionally, the plugin also does not use JMXAppender, which might be an issue for log4j 1.x libraries.

Best Regards, Roman
- 2021-12-22T13:01:46+00:00
Roma Bubyakin [Wombats Corp]
- changed status to closed
- 2021-12-22T13:02:07+00:00
Log in to comment

Assignee: –

Type: task

Priority: critical

Status: closed

Votes: 0

Watchers: 1