Hi!
I believe we have a lot of developers use log4j. So please be aware of it and take measures if required.
Link to the hackernews post Log4j RCE Found | Hacker News
Cheers
6 Likes
IMHO this appears to be a log4j 2.x specific bug/problem. I can’t speak for all products but Jira 8.0.0 through 8.21.0 all have a patched variant of log4j 1.2.17 preventing Jira (and apps) from being impacted - for once we can be grateful dependencies are not cutting edge 
I’m sure Atlassian will clarify this issue further.
(update) #redactredact, seems that log4j 1.2.x may also be vulnerable, funtimes:
3 Likes
Hi, @AndyJames and @andy . We just published a post about this. You can find it here. We are continuing to monitor the situation for our apps, and we will provide more updates as soon as we have them.
4 Likes