My question is how can there be security patches for a version of software that is now end of life? When I try to upgrade or patch it says that my license is expired and the version we are using is EoL. So I am on the LTS 8.5.5 but would like to at least patch to 8.5.7 which is the newest security release. Can I get a temp license to patch or how is this supposed to be done? We are waiting for Atlassian to get their FedRAMP authorization before we can move to Jira Cloud with confluence.
You can't - the product is EOL.
You need to migrate/upgrade to Data Center in the interim, if you'd like to continue installing new software versions.
Ste
8.5.7 is the same version just a security patch I would understand if I needed to move to 8.6 or 8.7 but I am on the same version just trying to install security patches. It specifically says 8.5.X is the last version and I get that but the security patches came out weeks after the EOL date. Meaning Atlassian pushed out security patches for an unsupported version of their products that nobody can install? It does not make sense to publish vulnerabilities with a patch that nobody can use.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Confluence 8.5.x is the last Confluence feature release available to download for Server customers prior to the Server end of support date on February 15, 2024. All feature releases after Confluence 8.5.x will only support our Data Center offering. As Confluence 8.5 is a Long Term Support release, it will continue to receive security and bug fixes until the end of support date on February 15, 2024.
We recommend that you migrate to the Atlassian Cloud offering or upgrade to Data Center to remain secure and supported.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It states that support ran out in the message you've quoted:
...it will continue to receive security and bug fixes until the end of support date on February 15, 2024.
^ Essentially, beyond Feb 15th your maintenance has expired, and therefore you can't receive new versions. You also can't renew your maintenance because Server is EOL.
Ste
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes I agree with that statement. I am not arguing that. I am asking why an unsupported version of a product has a security patch that nobody in the world can install. And an advisory with exploitable vulnerabilities.
Who can install the patch for an EOL product? My instinct is that the patch was in the works for months and was probably intended to be released before the EOL date but since it wasn't there should be a way for those customers using this product while waiting for Atlassian to get their Authorization completed to install the security patch.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Its been released for on-premise versions, which includes Data Center (which isn't EOL).
The information for the release is here, in the DC section: https://confluence.atlassian.com/doc/issues-resolved-in-8-5-7-1369276869.html
I know the bugs are for "CONFSERVER" - but this also now relates to DC only.
---
You can still upgrade to Data Center if you need to use an on-premise version for now - you can see more information about upgrading on this migration page
---
You could also look into whether Atlassian can assist license-wise where the intent is to move to Cloud at a certain point, for example dual licensing arrangements:
See this Purchasing & Licensing FAQ answer:
Dual licensing - To support the transition period for Data Center customers migrating to Cloud, we will extend qualifying customers’ subscription for up to 1 year at a 100% discount so that you are able to run your Data Center and Cloud products in parallel.
More information can also be found on this page
Ste
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.