Note: This page contains information for QMetry Test Management for Jira Cloud, Server and Datacenter users.
On December 9th, a 0-day exploit in the popular Java logging library Log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe.
The QMetry for Jira Server or Data Center apps are not impacted by this vulnerability.
Log4j2 is one of the most popular logging libraries used in Java applications. QMetry also uses the Log4j2 library in the QMetry Test Management for Jira Cloud app. The QTM4J Cloud application is hence impacted by this vulnerability.
This vulnerability was mitigated for all QTM4J Cloud instances on Dec 16th, 8:30 pm PST. QMetry Cloud customers are no longer vulnerable, and no action is required.
Please contact QMetry Support for more information at qmetryforjira@qmetrysupport.atlassian.net.