Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,300,888
Community Members
 
Community Events
165
Community Groups

Atlassian critical vulnerable. Which version I need to update?

Hi. About vulnerable https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

 

We have two server instances with confluence. 7.16.1 and 7.1.0. Expired license.

 

Which version do I need to download for fixed it and without buying new licenses?

1 answer

1 vote

You can upgrade to any version that was released before the end of your licences.

You will want to move to 7.13.7 (long term support) or 7.18.1 to fix this security problem.

And if license was ended?

Andy Heinzer Atlassian Team Jun 04, 2022

If your license is expired, then you cannot upgrade.  But you still could try to follow the mitigation steps in the security advisory to protect yourself.  Note: Confluence End Of Life versions are not fully tested with the workaround.

Like Nic Brough _Adaptavist_ likes this

@Andy Heinzer This vulnerability is due to you. Why did we should pay for this update? Are you suggesting that we stop using Atlassian products? 

Yes, Atlassian is building their tech on top of other things.  Almost everyone does.  If those things are compromised, then you need those things to be fixed.  You can't expect someone else who has built on it to fix it directly, they have no choice but to move on.

Atlassian is doing better than most suppliers of software here.  They are supporting a range of versions of their software, and they have fixed the latest version.

If you choose to work with an old version, that's fine, but it is your choice to do so and you can't expect a vendor to support an old version that they have explicitly stated that they will not support because it is too old.

The vulnerability in this case does look to be an Atlassian problem, and they have fixed it for everyone who currently has a supported licence.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

An update on Confluence Cloud customer feedback – June 2022

Hi everyone, We’re always looking at how to improve Confluence and customer feedback plays an important role in making sure we're investing in the areas that will bring the most value to the most c...

392 views 2 13
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you