Products

  • OSLC Connect for Jira

  • OSLC Connect for Confluence

Related CVE

  • CVE-2021-44228

  • CVE-2021-45046

  • CVE-2021-45105

  • CVE-2021-44832

Disclaimer

OSLC Connect for Jira does not ship Log4j. We rely on the Log4j provided by Atlassian in Jira. Atlassian confirmed they suffer a very limited impact, since they bundle Log4j 1.2. from both CVE-2021-44228 and CVE-2021-45046.

Steps to confirm and mitigate should be applied from the above mentioned article.

Last, and as mentioned on the Log4j website for CVE-2021-45105 as well as CVE-2021-44832, these are not affecting the 1.x branch of Log4j.