Apache|Camel|3.14.1.3.11.5,3.7.7|Affected|Yes|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4.||12/13/2021|
|Apache|Camel Quarkus||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|Apache|Camel K||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|Apache|CamelKafka Connector||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|Apache|Camel Karaf||Affected|No|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j.||12/13/2021|
|Apache|Camel JBang|<=3.1.4|Affected|No|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|Apache|Camel 2||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
| Apache|Camel|3.14.1.3.11.5,3.7.7|Affected|Yes|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4.||12/13/2021|
| Apache | Camel Quarkus | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
| Apache | Camel K | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
| Apache | CamelKafka Connector | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|Apache|Camel Karaf||Affected|No|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j.||12/13/2021|
|Apache|Camel JBang|<=3.1.4|Affected|No|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|Apache|Camel 2||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
| Apache | Flink | <flink1.15.0,1.14.1,1.13.3|Affected|No| [Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)](https://flink.apache.org/2021/12/10/log4j-cve.html) |||12/12/2021|
| Apache | Kafka | All | Not Affected | No | [Kafka Apache List](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | 12/14/2021 |
| Apache | Kafka | Unknown | Affected | No | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html)| Only vulnerable in certain configuration(s) | | |
@ -141,7 +141,7 @@ Apache|Camel|3.14.1.3.11.5,3.7.7|Affected|Yes|[APACHE CAMEL AND CVE-2021-44228 (
| Atlassian | Bitbucket Server & Data Center | All | Affected | Yes | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | |
| Atlassian | Confluence Server & Data Center | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
| Atlassian | Crowd Server & Data Center | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
| Atlassian | Crucible | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | | |
| Atlassian | Crucible | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
| Atlassian | Fisheye | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
| Atlassian | Jira Server & Data Center | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |