Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Service Management Security Advisory 2021-10-20 and JIRA Service Desk 4.9.0

Joseph Wrzosek
Joseph Wrzosek
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 27, 2021

Hi. I had the Jira Service Management Security Advisory 2021-10-20 pop up in my service desk today, and looked through the advisory, and I don't see any mention of JIRA Service Desk 4.9.0, which is what I'm running.  Does this advisory impact me?  Looking at the Manage Apps console and it does not appear that Insight is installed.  Thanks!

Answer
Watch
Like Be the first to like this
389 views

1 answer

1 accepted

4 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 27, 2021

Hi @Joseph Wrzosek , welcome to the Community!

This notification went out to admins on all Jira Service Management Server (formerly known as Jira Service Desk) and Data Center instances. Dismissing, clicking off, or opening the link will dismiss the notification permanently.

Getting the notification does not necessarily mean your instance is impacted. For your case, you're on a version of Jira Service Desk where you would have needed to install the Insight plugin from the Atlassian Marketplace in order to be affected. Since you've checked and found the Insight plugin is not installed on your instance, your impact is not affected.

You can still take the mitigation steps described in the security advisory itself if you wish. The mitigation involves removing a .jar file from the install directory of your server. If you are on a supported production database (MySQL, MS SQL, PostgreSQL) the mitigation can be safely applied even if you do not have the Insight app installed.

Cheers,
Daniel | Atlassian Support

View More Comments
Joseph Wrzosek
Joseph Wrzosek
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 27, 2021

Thanks, Daniel. That is helpful!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security