Free webinar on 1 June: "How to export issues from Jira Cloud to Excel" (seats are limited!) Sign up now →

CVE-2021-44228 (Log4Shell): Midori apps are not affected

What is CVE-2021-44228?

On December 9th, 2021, a critical vulnerability in Apache Log4j was reported. Atlassian app vendors are now looking to make sure this doesn’t affect their software and to evaluate what, if any, mitigation steps should be taken.

This blog post is the summary of Midori's internal security research.

Impact to Midori customers

In short, Midori apps and services are not directly impacted by this issue.

  • Our apps for Jira Cloud: not impacted. (These are not using the vulnerable Log4j Core component.)

  • Our apps for Atlassian Server and Data Center products: not impacted in their default configurations. All these apps rely on the logging facilities provided by the Atlassian host product. The apps themselves don't alter the logging configuration in any way. See the Atlassian security advisory for details.

  • Midori website at https://www.midori-global.com: not impacted (It is not using Log4j at all).

  • Midori support system at https://midori.zendesk.com: not impacted. See the Zendesk security advisory for details.

Where can I find more information?

Note the contents of this page are the result of our current knowledge and are provided AS IS without warranty of any kind.

Still have concerns? Talk to us!

 

Be the first to hear about the Midori news, Jira, Confluence, Bitbucket guides, and productivity tips that accelerate your team.

Subscribe now