You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 3
Next »
Vulnerabilities to the the Log4J have been reported recently that may be exploited by attackers to get full control over the affected system.
The projectdoc Toolbox has no direct dependency to Log4J and does not add any configuration that would make the Confluence system vulnerable.
More information related to security issues with Log4j are available at Apache Log4j Security Vulnerabilities.
In more Detail
Based on the information provides by Atlassian, the projectdoc Toolbox is not affected by the reported CVEs (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105):
The projectdoc Toolbox does not configure or add Log4J libraries.
CVE-2021-4104 - “Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.“.
The projectdoc Toolbox does not configure the logging system and therefore is not affected.