Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is Jira Software Data Center (on-prem) vulnerable to CVE-2019-17571 ?

jy
jy February 20, 2022

Based on https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

The following products use the Atlassian-maintained fork of Log4j 1.2.17:

Jira Software and Data Center

 

How does it mitigate and resolve against this critical vulnerability which affect log4j1.2.17?

 

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

 

Does Atlassian not intend to upgrade their log4j to 2.17.0 or 2.17.1?

 

 

Comment
Watch
Like Be the first to like this
699 views

1 comment

Comment

Log in or Sign up to comment
Fabio Racobaldo _Catworkx_
Fabio Racobaldo _Catworkx_
Community Champion
February 21, 2022

Hi @jy ,

in order to mitigate that security issue you should disable JMSAppender as specified in the linked article.

Btw, Atlassian says that they forked log4j 1.2.17 (in 1.2.17-atlassian-3) in order to delete the code affected. Therefore, JIRA is not vulnerable to CVE-2019-17571.

Please take a look to the following issue https://jira.atlassian.com/browse/JRASERVER-62838

Hope this helps,

Fabio

Like
Reply
groups-icon
Data Center
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security