Atlassian-related security advisory: CVE-2021-44228, log4j

Summary

This page contains information regarding CVE-2021-44228 related to the remote code execution (RCE) vulnerability affecting Log4j.

Refined Server and Data Center apps

When using Refined, the Refined apps in turn are using log4j via the bundled version included in Jira/Confluence. This means that Refined can’t impact what is being used as Refined accesses it via Atlassian.

Atlassian published the following:

• Information regarding CVE-2021-44228 on their FAQ.

• Information as a Security Advisory.

Follow the development on the resources above, and reach out should you have any further questions.

Refined Cloud apps

Refined for Confluence, Jira, JSM on cloud or Refined Toolkit for Confluence Cloud are not affected by this issue.