0-day vulnerability log4j

Hi!
I believe we have a lot of developers who use log4j. So please be aware of it and take measures if required.
Link to the Hacker News post: Log4j RCE Found | Hacker News

Cheers

6 Likes

IMHO this appears to be a log4j 2.x specific bug/problem. I can’t speak for all products but Jira 8.0.0 through 8.21.0 all have a patched variant of log4j 1.2.17 preventing Jira (and apps) from being impacted - for once we can be grateful dependencies are not cutting edge :sweat_smile:

I’m sure Atlassian will clarify this issue further.

(update) #redactredact, seems that log4j 1.2.x may also be vulnerable, funtimes:

3 Likes

Hi, @AndyJames and @andy. We just published a post about this. You can find it here. We are continuing to monitor the situation for our apps, and we will provide more updates as soon as we have them.

3 Likes