Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

We have been asked if S/Notify is affected by the Log4j vulnerability that has just been filed under CVE-2021-44228 in the National Vulnerability Database of NIST.

The short answer is: no.

Now here’s the longer answer:

S/Notify internally uses the slf4j library for logging purposes, so our apps are not directly affected.

However, slf4j logging can be redirected to whatever the host application (Jira, Confluence etc.) uses. So, while we are not logging with the affected Log4j, the issue might theoretically be deferred to the host logging.

Atlassian is currently investigating, but does not expect to find issues. Please follow Atlassian’s FAQ for CVE-2021-44228 for details and updates.

We’ll update this blog page when we receive any relevant updates.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.