Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

log4j update

mike
mike December 16, 2021

/app/atlassian/bitbucket/7.4.2/app/WEB-INF/lib/log4j-api-2.11.1.jar
/app/atlassian/bitbucket/7.4.2/app/WEB-INF/lib/log4j-to-slf4j-2.12.1.jar
/app/atlassian/bitbucket/7.4.2/elasticsearch/lib/log4j-api-2.11.1.jar
/app/atlassian/bitbucket/7.4.2/elasticsearch/lib/log4j-core-2.11.1.jar

 

Can I Update these log4j to an upper version like 2.16?

Answer
Watch
Like Be the first to like this
1555 views

2 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2021

No, it could well break Bitbucket, and it would render you unsupported.

I'm assuming this is in response to the CVE - see https://community.atlassian.com/t5/Trust-Security-articles/Atlassian-s-Response-to-Log4j-CVE-2021-44228 for the guidance on what to do.

Reply
0 votes
Prabhu Ganesh
Prabhu Ganesh December 19, 2021

what will happen if we delete these log4j files?

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 19, 2021

Bitbucket will stop working.

Like
Prabhu Ganesh
Prabhu Ganesh December 19, 2021

How to upgrade log4j files to the 2.16 version?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 19, 2021

You do not.  You will need to upgrade your bitbucket

Like
Prabhu Ganesh
Prabhu Ganesh December 20, 2021

In bamboo latest version also uses log4j 2.9.0 file, how to remediate this?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 20, 2021

Make sure none of the users can set up plans that could throw malicious code into the log file.

Like
Prabhu Ganesh
Prabhu Ganesh December 22, 2021

Hi Nic - How to monitor these new plans? What is the solution for the long-term fix?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.