Background

On Friday,  a Remote Code Execution vulnerability in the popular log4j logging framework was published as CVE-2021-44228 and is now known as Log4Shell.

We became aware of this vulnerability the same day and have immediately assessed all potentially affected K15t marketplace apps.

As a result of this assessment, we only identified one app that was affected by the vulnerability: Scroll Viewport for Cloud

All other K15t apps are not affected by the vulnerability, or they use the logging infrastructure supplied by the Atlassian host application, which is generally considered non-vulnerable, although an insecure configuration can be created - see Atlassian’s FAQ.

Which K15t apps are affected by CVE-2021-44228?

Only Scroll Viewport for Cloud was affected by CVE-2021-44228. We've rolled out a fix on  12:00 pm CET, so Scroll Viewport for Cloud is no longer vulnerable to this attack. As Cloud apps update automatically, you don't have to do anything.

Please refer to the following Jira issue for further information:  VPC-216 - Getting issue details... STATUS

Which K15t apps are not affected by CVE-2021-44228?

None of our Server or Data Center apps are affected by CVE-2021-44228 as they use the logging infrastructure supplied by the Atlassian host application, which is generally considered non-vulnerable, although an insecure configuration can be created - see Atlassian’s FAQ:

K15t Server and Data Center apps 

  • Backbone Issue Sync
  • Inline Comments in the Editor
  • Scroll Documents
    • Variants for Scroll Documents
  • Scroll Exporters
    • Scroll PDF Exporter
    • Scroll Word Exporter
    • Scroll HTML Exporter
    • Comala Document Mgmt for Scroll Exporter
    • Scroll CHM Exporter
    • Scroll DocBook Exporter
    • Scroll EclipseHelp Exporter
    • Scroll EPUB Exporter
  • Scroll ImageMap
  • Scroll Remote Publishing Endpoint
  • Scroll Translations
  • Scroll Viewport
  • Scroll Versions
    • Comala Document Mgmt for Scroll Versions

K15t Cloud apps 

  • Backbone Issue Sync
  • Scroll Content Quality for Confluence
  • Scroll Documents
    • Variants for Scroll Documents
  • Scroll Exporters
    • Scroll Exporter Extensions
    • Scroll PDF Exporter
    • Scroll Word Exporter
  • Scroll ImageMap
  • Orderly Databases

K15t labs apps 

  • Expando for Confluence
  • Counters for Confluence
  • Inspector Sketch for Jira
  • Inspektor Sketch for Confluence
  • Scroll WP Publisher
  • Create from Template Pro
  • Proofreading for Confluence
  • Page Links for Confluence

We are here to support you

If you have additional questions, please do not hesitate to reach out to us at help@k15t.com.