Are Utoolity apps affected by CVE-2021-44228 (Log4j)?

This page provides information related to the recently published remote code execution (RCE) vulnerability affecting Log4j:

Atlassian host products

Refer to FAQ for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 | Atlassian Support | Atlassian Documentation for details.

Utoolity apps for Atlassian Data Center / Utoolity apps for Atlassian Server

Not affected beyond the Atlassian host product

All Utoolity Data Center and Server apps use the SLF4J facade as provided by the respective Atlassian host product via OSGi and do not introduce Log4j on their own. They would thus only be indirectly affected if the Atlassian host product uses a vulnerable version of Log4j – this does not seem to be the case by default, refer to FAQ for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 | Atlassian Support | Atlassian Documentation for details.

Utoolity apps for Atlassian Cloud

Not affected

All Utoolity Cloud apps do not use Log4j and are thus not affected.

 

 

Atlassian®, Atlassian Bamboo®, Bitbucket®, Atlassian Crowd®, Confluence®, Jira®, Jira Service Management™, Opsgenie®, and Statuspage™ are registered trademarks of Atlassian.
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.

Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.