Log4j upgrade update

Hello Community!

We wanted to post a quick update regarding the long-standing conversations about the Log4j version within Atlassian products. Atlassian has been devoted to ensuring that our customers’ data are secure and our fork of Log4J is not vulnerable

In order to take the extra step to ensure continued compliance, we will upgrade Log4J to >= 2.17.2 within an expedited timeframe which will be released within to-be-determined feature release version before December 31, 2022.

Regrettably, this is a breaking change that will require some partners to update their apps to the new version of Log4J in order to remain compatible.

We understand that this is a big change and a disruption to your work, so we will communicate all the details upfront to help you with the changes required for your products. More detailed information will be released by September 15 on the Partner Portal* and The Atlassian Developer Community

Thank you,

Roman Kolosovskiy

*Marketplace Partners with at least 1 paid-via-Atlassian app qualify for Partner Portal resources. If you experience any issues getting access, and meet the eligibility criteria, please open a support ticket and our team will work to get things resolved as quickly as possible.


How can I determine if I need to take action for my app?
And what exactly do I have to do?

Is there a new plattform pom to be used with Jira?

I am not using log4j directly but via slf4j-api.

            <!-- version done by jira-plugins-platform-pom -->


import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


  private static final Logger log = LoggerFactory.getLogger(MyFooClass.class);

Do I need to do something with my app?



Thank you for asking! We’re gathering all technical details and we will share them in the incoming weeks through Partner Portal.

1 Like