Blog

Blog

  • 2024
  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013
  • 2012





Vulnerabilities to the Log4J library have been reported recently that may be exploited by attackers to get full control over the affected system.

The projectdoc Toolbox has no direct dependency to Log4J and does not add any configuration that would make the Confluence system vulnerable. It uses the logging service provided by Confluence through the SLF4J interface.

Summary

 

The projectdoc Toolbox is not vulnerable to the following CVEs:

In more Detail

Based on the information provides by Atlassian, the projectdoc Toolbox is not affected by the reported CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105:

The projectdoc Toolbox does not configure or add Log4J libraries.

CVE-2021-4104 - “Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.“.

The projectdoc Toolbox does not configure the logging system and therefore is not affected.

References

Detailed information related to security issues with Log4j are available at Apache Log4j Security Vulnerabilities.

Information provided by SLF4J regarding the CVEs on Log4J are available at Comments on the log4shell (CVE-2021-44228) vulnerability.


Link

Link

Posts

About

This site is maintained by smartics.

Imprint / Impressum

Data Privacy / Datenschutz 

End User License Agreement (EULA)


To get in touch please send us an e-mail!

smartics email

Keep up-to-date!

Read our

smartics Blog

Follow us on

Twitter YouTube Prezi

Find us on

Bitbucket GitHub Atlassian Marketplace

Powered by




© 2001-2023 smartics - Kronseder & Reiner GmbH