Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
2021-12-09 Apache Log4j2 library CVE-2021-44228
Question
Are we affected by the CVE-2021-44228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) vulnerability?
Summary
We have investigated this vulnerability on Friday (2021-12-09) and over the weekend. Our plugins do not bundle any vulnerable versions of the log4j libraries and as such are not affected by the CVE.
We have also looked at the current host products (Jira, Confluence, Bitbucket) and none of them should be vulnerable in their default configuration. Atlassian has in the meantime published a FAQ, which does agree with our assessment but has more details:
The following Atlassian article has more info as well: