» View Event Details | Created
Resolved
Update finished
Posted:
» View Event Details | Created
Resolved
Confluence up and running
Posted:
» View Event Details | Created
Resolved
Due to the widely spread Log4J vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) we checked all MSI Platform Services. The outcome:
1. MSI Collaboration Tools:
We only found the vulnerability in Bitbucket
Bitbucket Data Center: Log4J is installed → We rolled out a flag to deactivate it.
Bitbucket - elasticsearch/opensearch. → We deployed a patch and fixed it.
2. MSI Development Tools:
We found the vulnerabilities in the following services:
Jenkins plugins → All Name Space Owners have to take care, that their plugins are not affected.
SonarQube → countermeasures have been taken, so SonarQube is secure.
3. MSI Logging:
We found the vulnerabilities in the following service:
Logstash → countermeasures have been taken: Logstash has been updated to fixed version.
Overall: All MSI Platform Services have been updated if they were affected. So apart from the Jenkins plugins no MSI Service ist affected by the Log4J exploit. MSI blog post with details: https://collaboration.msi.audi.com/confluence/x/Iya2H
Posted:
» View Event Details | Created
Resolved
We resolved the issue for now. The bug within Atlassian Confluence software still exists and we will keep an eye on that.
So, what are the findings for now?
- Confluence is not built for using it as a data analytics tool.
- So, please avoid, to use it for that kind of use cases! And:
- If you upload Excel files, please avoid using charts within those files. A corrupt chart in an Excel file caused the Confluence outages.
Posted:
» View Event Details | Created
Resolved
Confluence is up and running again.
Confluence ran into a memory overload due to some very big running jobs. This might have been big export jobs or similar. So, if you think, you have possibly been the reason for this overload, please open a IT Help Ticket and we help you with your job …
Posted: