Summary
In response to CVE-2021-44228 (also known as the Log4Shell vulnerability), which was published on December 9th, 2021, we performed a detailed investigation of our products listed below.
This document will be updated based on our ongoing investigation and latest findings.
Unaffected Products
The investigation of the products listed below is complete. We concluded that these OBSS products are NOT exposed to the Log4Shell vulnerability.
You are not required to take any action specific to these products.
- Jira Cloud
- Jira Server/Data Center
- Confluence Server/Data Center
Affected Products
The products listed below are thought to be exposed to this vulnerability.
- Jira Server/Data Center
If you are using at least one of these products, please follow the instructions on the following page: Security Advisory for Log4Shell vulnerability in OBSS apps on Jira Server and Jira Data Center
Please note that the OBSS products on the Server and Data Center platforms listed above do not introduce their own versions of log4j to the system; they use the log4j provided by the host Jira/Confluence.
Follow the updates at the links in the Atlassian Links section below to see Atlassian's recommendations for host products.
Atlassian Links
You can use the links below to follow Atlassian announcements about this vulnerability and its effects on Atlassian host products (Jira, Confluence, etc.).
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
https://community.developer.atlassian.com/t/update-atlassians-investigation-on-cve-2021-44228/54352