Are Utoolity apps affected by CVE-2021-44228 (Log4j)?
This page provides information related to the recently published remote code execution (RCE) vulnerability affecting Log4j:
Atlassian host products
Utoolity apps for Atlassian Data Center / Utoolity apps for Atlassian Server
Not affected beyond the Atlassian host product
All Utoolity Data Center and Server apps use the SLF4J facade as provided by the respective Atlassian host product via OSGi and do not introduce Log4j on their own. They would thus only be indirectly affected if the Atlassian host product uses a vulnerable version of Log4j – this does not seem to be the case by default, refer to FAQ for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 | Atlassian Support | Atlassian Documentation for details.
Utoolity apps for Atlassian Cloud
Not affected
All Utoolity Cloud apps do not use Log4j and are thus not affected.
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.