On Dec. 9, 2021, a zero-day exploit (since dubbed “Log4Shell”) was observed in the wild targeting a critical remote code execution (RCE) vulnerability in Log4j. CVE-2021-44228 affects Log4j versions 2.0-beta9 through 2.14.1. The issue has been fixed in Log4j 2.15.0 and above.
Timetracker for Jira Cloud is not affected by this vulnerability. Our cloud product uses a different logging library.
Our Server and Data Center apps (Timetracker, Epic Roadmap, Issue Score, License Monitoring, License Optimizer, Thread Profiler) are not directly affected by this vulnerability. Our Server and Data Center products either use the logging libraries provided by the host application or provide a different logging library.
Our company homepage is not affected.
Our other webpages (Support Portal, App Documentation) that use Atlassian cloud products are not affected, since Atlassian has already addressed this vulnerability in their cloud services.
We advise you to follow Atlassian’s recommendations described in their FAQ, especially if you have customized your own logging tools for Server or Data Center Atlassian products.
If you have any questions, don’t hesitate to contact us.