Summary
This page contains information regarding CVE-2021-44228 related to the remote code execution (RCE) vulnerability affecting Log4j.
Refined Server and Data Center apps
When using Refined, the Refined apps in turn are using log4j via the bundled version included in Jira/Confluence. This means that Refined can’t impact what is being used as Refined accesses it via Atlassian.
Atlassian published the following:
Follow the development on the resources above, and reach out should you have any further questions.
Refined Cloud apps
Refined for Confluence, Jira, JSM on cloud or Refined Toolkit for Confluence Cloud are not affected by this issue.