You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 5
Next »
Vulnerabilities to the Log4J library have been reported recently that may be exploited by attackers to get full control over the affected system.
The projectdoc Toolbox has no direct dependency to Log4J and does not add any configuration that would make the Confluence system vulnerable.
In more Detail
Based on the information provides by Atlassian, the projectdoc Toolbox is not affected by the reported CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105:
The projectdoc Toolbox does not configure or add Log4J libraries.
CVE-2021-4104 - “Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.“.
The projectdoc Toolbox does not configure the logging system and therefore is not affected.