Is Jira (on-prem) affected by Spring4Shell?

Hi @jy ,

you can monitor security vulnerabilities at the following link https://www.atlassian.com/trust/security/advisories

Right now it seems to not exist an official alert for CVE-2022-22965 

Btw, you can report a vulnerability using this article https://www.atlassian.com/trust/security/report-a-vulnerability so Atlassian will provide an offical answer for that question.

Hope this helps,

Fabio

Please see the latest FAQs posted over the weekend: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2022-22965

As always, you can monitor security vulnerabilities at the following link https://www.atlassian.com/trust/security/advisories

You can also report a vulnerability using this article https://www.atlassian.com/trust/security/report-a-vulnerability so Atlassian will provide an offical answer for that question.

We will continue to monitor the situation and provide a response soon.

Jodie