Atlassian critical vulnerability. Which version do I need to update to?

Tony Montana
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 4, 2022

Hi. About the vulnerability https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

We have two server instances with Confluence: 7.16.1 and 7.1.0. Expired license.

Which version do I need to download to fix it without buying new licenses?

1 answer

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 4, 2022

You can upgrade to any version that was released before the end of your licences.

You will want to move to 7.13.7 (long term support) or 7.18.1 to fix this security problem.

Tony Montana
Rising Star
June 4, 2022

And if the license has ended?

Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 4, 2022

If your license is expired, then you cannot upgrade.  But you still could try to follow the mitigation steps in the security advisory to protect yourself.  Note: Confluence End Of Life versions are not fully tested with the workaround.

Tony Montana
Rising Star
June 4, 2022

@Andy Heinzer This vulnerability is due to you. Why should we pay for this update? Are you suggesting that we stop using Atlassian products?

Nic Brough -Adaptavist-
Community Leader
June 4, 2022

Yes, Atlassian is building their tech on top of other things.  Almost everyone does.  If those things are compromised, then you need those things to be fixed.  You can't expect someone else who has built on it to fix it directly, they have no choice but to move on.

Atlassian is doing better than most suppliers of software here.  They are supporting a range of versions of their software, and they have fixed the latest version.

If you choose to work with an old version, that's fine, but it is your choice to do so and you can't expect a vendor to support an old version that they have explicitly stated that they will not support because it is too old.

The vulnerability in this case does look to be an Atlassian problem, and they have fixed it for everyone who currently has a supported licence.
