All eazyBI for Jira eazyBI for Confluence Private eazyBI

Log4j Vulnerability Statement

 


eazyBI apps use the log4j library, but we do not log the user input using this library.  Because of that, the CVE-2021-44228 vulnerability cannot be exploited in eazyBI apps. So there is no actual impact on any version of eazyBI from the CVE-2021-44228 vulnerability, and no immediate action is necessary regarding the CVE-2021-44228 vulnerability.

eazyBI apps before version 6.5.0 include version 1.2.17 of log4j. eazyBI version 6.5.0 includes the log4j version 2.17.1, so please, upgrade the eazyBI apps to any version after 6.5.0 for compliance purposes.