So Confluence Server is EOL but there are security patches that are newer then the EoL date.

Mark Bierman March 29, 2024

My question is how can there be security patches for a version of software that is now end of life?  When I try to upgrade or patch it says that my license is expired and the version we are using is EoL.  So I am on the LTS 8.5.5 but would like to at least patch to 8.5.7 which is the newest security release.  Can I get a temp license to patch or how is this supposed to be done?  We are waiting for Atlassian to get their FedRAMP authorization before we can move to Jira Cloud with confluence.  

1 answer

0 votes
Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 29, 2024

Hi @Mark Bierman 

You can't - the product is EOL.

You need to migrate/upgrade to Data Center in the interim, if you'd like to continue installing new software versions.

Ste

Mark Bierman March 29, 2024

8.5.7 is the same version just a security patch I would understand if I needed to move to 8.6 or 8.7 but I am on the same version just trying to install security patches.  It specifically says 8.5.X is the last version and I get that but the security patches came out weeks after the EOL date.  Meaning Atlassian pushed out security patches for an unsupported version of their products that nobody can install?  It does not make sense to publish vulnerabilities with a patch that nobody can use.  

 

Mark Bierman March 29, 2024

Confluence 8.5.x is the last release to support Server licenses

Confluence 8.5.x is the last Confluence feature release available to download for Server customers prior to the Server end of support date on February 15, 2024. All feature releases after Confluence 8.5.x will only support our Data Center offering. As Confluence 8.5 is a Long Term Support release, it will continue to receive security and bug fixes until the end of support date on February 15, 2024.

We recommend that you migrate to the Atlassian Cloud offering or upgrade to Data Center to remain secure and supported.

Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 29, 2024

Hi @Mark Bierman 

It states that support ran out in the message you've quoted:

...it will continue to receive security and bug fixes until the end of support date on February 15, 2024.

^ Essentially, beyond Feb 15th your maintenance has expired, and therefore you can't receive new versions. You also can't renew your maintenance because Server is EOL.

Ste

 

Mark Bierman March 29, 2024

Yes I agree with that statement.  I am not arguing that.  I am asking why an unsupported version of a product has a security patch that nobody in the world can install.  And an advisory with exploitable vulnerabilities. 

 

Who can install the patch for an EOL product?  My instinct is that the patch was in the works for months and was probably intended to be released before the EOL date but since it wasn't there should be a way for those customers using this product while waiting for Atlassian to get their Authorization completed to install the security patch.  

Stephen Wright _Elabor8_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 29, 2024

Hi @Mark Bierman 

Its been released for on-premise versions, which includes Data Center (which isn't EOL).

The information for the release is here, in the DC section: https://confluence.atlassian.com/doc/issues-resolved-in-8-5-7-1369276869.html

I know the bugs are for "CONFSERVER" - but this also now relates to DC only.

---

You can still upgrade to Data Center if you need to use an on-premise version for now - you can see more information about upgrading on this migration page

---

You could also look into whether Atlassian can assist license-wise where the intent is to move to Cloud at a certain point, for example dual licensing arrangements:

See this Purchasing & Licensing FAQ answer:

Dual licensing - To support the transition period for Data Center customers migrating to Cloud, we will extend qualifying customers’ subscription for up to 1 year at a 100% discount so that you are able to run your Data Center and Cloud products in parallel.

More information can also be found on this page

Ste

 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events