Vulnerabilities

Log4J security vulnerabilities - CVE-2021-44228 and CVE-2021-45046

Server/Data Center

None of our Server or Data Center apps have their own logger.  They all use the default Jira/Confluence logger.  Any changes you make to Jira/Confluence, regarding this vulnerability, will automatically be applied to our apps.

Cloud

Our cloud apps do NOT use Log4J

Commons - CVE-2022-42889

Currently the Watch It and Issues Actions Todo apps use the "commons-text" library but neither of these apps uses interpolators, which is where the vulnerability is