Log4j critical vulnerability CVE-2021-44228.

Jira Assistant Issues

View #206 on GitHub to know more details

#206 - Log4j critical vulnerability CVE-2021-44228.

Singletm2000 commented on Jun 05, 2022

JIRA ASSITANT

Can you please confirm what steps JIRA ASSISTANT has taken to protect itself against Log4j critical vulnerability CVE-2021-44228. Also how you ensure the customer is protected.

pabloruizSignaturit commented on Jan 04, 2022

@Singletm2000 log4j is a Java module, and Jira-assistant is javascript.. also there is no reference to log4j in all code.

Did you review that before posting the issue?

shridhar-tl commented on Jun 05, 2022

Jira Assistant is not using log4j librari. Atleast no direct reference is available. Hence their is nothing we need to work on at this point. Hence closing this issue.

Latest updates

27-Nov-2023 - Change in permissions for JA

In upcoming version (v2.58) of JA, by default, permission to access Cloud instance of Jira would be added. This would let the users to integrate with Cloud instance of Jira without prompting for permission at the time of integration. Hence for Chrome users, once the extension gets updated, it would get disabled due to change in permission. You can enable it again from Extensions page. However, for Firefox and Edge, extension already have access to all the sites (though it doesn't really need) which would be narrowed down only to atlassian.net which would be a security improvement.

03-Jan-2023 - Auto update would take time

Jira Assistant is now updated in phased basis to avoid any breaking changes impacting all users. So it may take long time before your extension gets updated. If you want to manually update it immediately, just navigate to "chrome://extensions", turn on "Developer mode" from top right corner and click Update button. Then you can turn off dev mode.

20-Dec-2022 - Available as App for Jira Cloud

Jira Assistant can now be installed within your Jira Cloud as an App. Once installed, this would be available for all your Jira users. Visit https://www.jiraassistant.com to know more.

26-Jul-2022 - Introducing JA Web

You can visit https://app.jiraassistant.com to use or test upcoming features of Jira Assistant. Contribute in testing JA by switching to Web Version. All the fixes and new feature updates would be immediately available in Web version of JA. Later, stable updates would be pushed to Extensions.