Note
We've packed up and moved from Confluence to Discourse to bring you a better, more interactive space. Out of courtesy we didn't migrate your user account so - you will have to signup again
The Exalate team will be on holiday for the coming days - returning Jan 4
Enjoy & stay safe
As published here
On Saturday, December 10, 2021 - we were made aware of the Log4j vulnerability in the apache logging framework (CVE-2021-44228).
The results of our investigation is that Exalate is NOT affected by this vulnerability as Exalate is using another logging framework.
There might be a risk for 'Exalate for Jira On Premise', which is using the logging framework provided by Jira - Atlassian confirmed here that Jira itself is not vulnerable but the advice is to check for 'org.apache.log4j.net.JMSAppender' in the log4j.properties file.
Please reach out to our Support in case of questions.