top of page
Log4J security vulnerabilities - CVE-2021-44228 and CVE-2021-45046
None of our Server or Data Center apps have their own logger. They all use the default Jira/Confluence logger. Any changes you make to Jira/Confluence, regarding this vulnerability, will automatically be applied to our apps.
Our cloud apps do NOT use Log4J
Commons - CVE-2022-42889
Currently the Watch It and Issues Actions Todo apps use the "commons-text" library but neither of these apps uses interpolators, which is where the vulnerability is
bottom of page