Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to get quick information of critical security bugs (and fixes)?

Ruben Nuredini
Ruben Nuredini
Contributor
April 29, 2019

Hi everyone,

at our organization we are running two instances of Confluence, JIRA ans Bitbucket. In order to avoid downtime due to maintenance we update the systems four times a year.

However, we were strongly affected by Confluence's last security leak (CONFSERVER-57974)  and the system was down for couple of days.

Is there a way to get quick information about such security risks as soon as they are identified? Some kind of a mailing list without the need to read all release notes?

I found the page https://confluence.atlassian.com/doc/confluence-security-overview-and-advisories-134526.html but there is no option to subscribe to it.

Any ideas, experiences?

Thanks in advance,

Ruben

Answer
Watch
Like Robert Reiner _smartics_ likes this
576 views

1 answer

1 accepted

0 votes
Answer accepted
Shannon S
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 1, 2019

Hello Ruben,

Thank you for reaching out! Happy to help. Below you can review where you are able to find these advisories, including how to ensure that you receive these updates via email:

We will send a copy of all critical security advisories to the 'Alerts' mailing list for the product concerned, excluding Sourcetree
Note: To ensure you are on this list, please update your email preferences at https://my.atlassian.com/email.

Lastly, you can subscribe yourself to Proactive Announcements either via email or RSS feed:

I hope this helps!

Regards,

Shannon

View More Comments
Ruben Nuredini
Ruben Nuredini
Contributor
May 1, 2019

Hi Shannon,

 

thank you for the prompt answer. Yeah, the Security Advisory Publishing Policy

seems to be what i need. I immediately subscribed to the mailing list.

The Knowledge Bases in Subscribe to Proactive Announcements seem to be outdated.

Best regards,

Ruben

Like
Shannon S
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 2, 2019

Hi Ruben,

Wow, thank you for that. I hadn't noticed how out of date it is. I've submitted the feedback to have the article reviewed and updated.

I'm so glad you were able to get subscribed to the mailing list for security advisories, even with the out of date article.

Thank you again, and have a pleasant rest of your week.

Regards,

Shannon

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events