Hello everyone, a question for fellow Jira Data Center operators.
We are a bit at a loss regarding the Security Bulletin from October 21, 2025.
Our situation: We are running Jira Data Center 10.7.4. According to the bulletin, this version is "Affected".
However, when we look at the "Fixed Versions", Atlassian lists no patch for the 10.7.x series. Only the LTS (10.3.12) and the new 11.x versions are listed as fixed.
Here is our confusion: According to the official End-of-Life Policy, the 10.7.x branch is still fully supported until 2027. We were therefore firmly expecting to receive a security patch for a version that is declared as "supported".
I have already opened a support ticket with Atlassian and received the following response, which confirms our fears:
The development team has no plans to release a new version for the 10.7.x series.
The only recommended solution is to upgrade to 11.1.0 or 11.1.1.
A downgrade to the 10.3.12 LTS is advised against due to potential data incompatibility.
This, of course, leaves us with a choice: either a non-recommended downgrade or an unplanned major upgrade to 11.x (including a new JDK), even though we wanted to stay on a "supported" feature release.
After the JIRA Update Check, we also noticed that 4 Apps are Incompatible if we upgrade to the latest version, and some Plugins are 'Unknown'.
Our questions to the Community:
Is anyone else in this exact situation (stuck on 10.7.x)?
Thanks for your feedback!
Hello!
This is an unpleasant situation indeed. Either option will take a significant amount of time to execute and validate, so my personal choice would be to invest the time in upgrading (and not downgrading).
About the apps: try them out on the v11 version, they might work. Or get in touch with the vendors and ask them about the release plans.
Or disable them until they can be updated if they are not critical for your organization.
Try to mitigate the security vulnerabilities until you are ready to upgrade your production instance. Sometimes there is mitigation documentation (I did not check for this bulletin), disable internet access if you can, ...
There is no v11 LTS version yet. But once there is, I would recommend sticking with LTS versions to avoid similar situations in the future.
Because indeed, you do not know if your non-LTS version is getting fixes like this one.
I would also avoid ".0" versions. So go with 11.1.1 immediately.
I hope this helps!
Hi @Charlie Misonne,
Thank you for your help on this topic!
Your input confirms our thoughts, it's an unpleasant situation for sure. You've helped us solidify the two realistic paths we can take.
We're now discussing internally whether to:
Invest the time now to upgrade directly to 11.1.1 (thanks for the good tip about avoiding ".0" versions).
Or, try to mitigate the risk and wait for the new 11.x LTS version, which we've heard might arrive in December.
Thanks again for sharing your experience!
Best regards,