We wanted to post a quick update regarding the long-standing conversations about the Log4j version within Atlassian products. Atlassian has been devoted to ensuring that our customers’ data are secure and our fork of Log4J is not vulnerable
In order to take the extra step to ensure continued compliance, we will upgrade Log4J to >= 2.17.2 within an expedited timeframe which will be released within to-be-determined feature release version before December 31, 2022.
Regrettably, this is a breaking change that will require some partners to update their apps to the new version of Log4J in order to remain compatible.
We understand that this is a big change and a disruption to your work, so we will communicate all the details upfront to help you with the changes required for your products. More detailed information will be released by September 15 on the Partner Portal* and The Atlassian Developer Community
*Marketplace Partners with at least 1 paid-via-Atlassian app qualify for Partner Portal resources. If you experience any issues getting access, and meet the eligibility criteria, please open a support ticket and our team will work to get things resolved as quickly as possible.