[CWD-5901] List of security vulnerabilities addressed in atlassian/log4j1 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Suggestion
Status: Gathering Interest (View Workflow)
Resolution: Unresolved
Fix Version/s: None
Component/s: Documentation
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Crowd uses the same Atlassian-maintained fork of Log4j 1.2.17 libraries as Jira and Confluence. This means a number of CVEs that's detailed in the Jira Documentation below is also being addressed in Crowd as well:

https://confluence.atlassian.com/jirakb/list-of-security-vulnerabilities-addressed-in-atlassian-log4j1-1141965553.html

However, it would be for customers to easily cross-check what are the versions of Crowd (and other Atlassian On-Prem products) is not impacted by this issue.

Suggestion

Either create a Crowd-version of the similar documentation like Jira, or expand the same document above to include other Atlassian On-Prem products

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Damien Tan

Votes:: 3 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Jan/2023 9:58 PM

Updated:: 11/Jan/2023 1:58 AM