Release Notes and Announcements

 View Only
  • 1.  Is on-prem Jama 8.62.3 vulnerable to log4j?

    Posted 12-14-2021 15:49

    Hi Team,
    I've seen Carly's post stating that updated versions of Jama are not vulnerable.
    Is 8.62.3 new enough that it's not vulnerable?
    thanks,

    Scott



    ------------------------------
    Scott Wilcock
    Invetech Pty Ltd
    Mt Waverley VIC
    +61421058085
    ------------------------------


  • 2.  RE: Is on-prem Jama 8.62.3 vulnerable to log4j?
    Best Answer

    Posted 12-15-2021 11:55
    Edited by Carly Rossi 12-15-2021 13:20
    Hi Scott, 
     
    Great question, and thanks for posting. With regard to the CVE-2021-44228 vulnerability in Log4j, all supported versions (8.36 and later) of Jama Connect are not affected.

    For any on-premises customers running a pre-8.36 version of Jama Connect, Jama's recommendation would be for them to work with their IT administration team to upgrade to a supported version.

    Please let me know if you have any other questions here. 

    Best,
    Carly
    ------------------------------------------------------------
    Carly Rossi // she/her
    Community Manager // Jama Software
    ------------------------------------------------------------