impact of log4j vulnerability
Issue #36
closed
Hi Team,
We are using Jira Data Centre version 8.13.13. We just want to know if the log4j vulnerability is applicable to your plugin “API Tokens for Jira“.
If yes then let us know when the patch version will be released ?
Please let us know at the earliest.
Thank You in advance
Comments (2)
-
-
- changed status to closed
- Log in to comment
Hi Deepak,
For logging API Tokens for Jira use log4j implicitly as a provided dependency from your Jira application.
The only thing that is needed is to use a safe version of the log4j library in your application (follow Atlassian’s official page).
Additionally, the plugin also does not use JMXAppender, which might be an issue for log4j 1.x libraries.
Best Regards, Roman