Security announcement for Log4J vulnerabilities

Summary of vulnerability

On December 9th, a vulnerability was discovered in a popular Java library Log4J (version 2).

You can find more information about this vulnerability here: NVD - CVE-2021-44228.

This vulnerability was followed by other critical vulnerabilities, like CVE-2021-45105.

Impact on Elements Cloud apps

This vulnerabilities were mitigated for all Elements Cloud apps previously using the vulnerable version of Log4j. At Elements security is our priority. Our teams are actively following Log4J security reports and are regularly updating our apps with the latest Log4J releases.

To date, our analysis has not identified compromise of Elements systems or customer data prior to the patching of these systems.

Impact on Elements On Premise apps

Our Elements On Premise apps are using Log4J library provided by Atlassian who confirmed in this FAQ for CVE-2021-44228 that their library is not vulnerable.

Please read "Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228" in order to learn more about how CVE-2021-44228 affected their products.