HipChat patch for CVE-2018-11776?

Do we have any hope of getting a patch for this?

1 answer

0 votes
AhmadDanial Atlassian Team Aug 27, 2018

Hi there, Rob.

We've been reviewing the CVE in depth and can report back that HipChat and Embedded Crowd are not affected. The vulnerability relies on certain namespace mappings being set to 'true', whereas we've explicitly set our namespaces in the code as required, and this value by default is set to 'false' when not defined.

At present, most security scanners may just pick this CVE up due to the Struts library version; however, this should be marked as a false positive for now. We will be issuing updates to Crowd and HipChat with version bumps to correct this as soon as we can.

You can watch our HipChat Server Release Notes page for new updates when they are released. Hope that helps!
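As an added example (not Atlassian's code and not part of the answer above), this is a triage check for the configuration conditions the answer describes, useful when a scanner flags the Struts version alone. It assumes the setting in question is the Struts constant `struts.mapper.alwaysSelectFullNamespace` and uses the namespace-related result types named in Apache's S2-057 advisory; the sample `struts.xml` is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample struts.xml for illustration (not from HipChat or Crowd).
SAMPLE_STRUTS_XML = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="admin" namespace="/admin" extends="struts-default">
    <action name="save" class="example.SaveAction">
      <result type="redirectAction">list</result>
    </action>
  </package>
  <package name="legacy" extends="struts-default">
    <action name="go" class="example.GoAction">
      <result type="redirectAction">home</result>
    </action>
  </package>
</struts>"""

# Assumption: result types that resolve a namespace, per the S2-057 advisory.
NAMESPACE_RESULT_TYPES = {"redirectAction", "chain", "postback"}


def audit_struts_config(xml_text):
    """Report the settings that decide whether a version-based scanner hit needs follow-up."""
    root = ET.fromstring(xml_text)
    always_full = False  # Struts treats the constant as false when it is not defined
    for const in root.iter("constant"):
        if const.get("name") == "struts.mapper.alwaysSelectFullNamespace":
            always_full = (const.get("value") or "").strip().lower() == "true"
    open_packages = []
    for pkg in root.iter("package"):
        ns = pkg.get("namespace")
        if ns and "*" not in ns:
            continue  # namespace is explicitly set and is not a wildcard
        for result in pkg.iter("result"):
            pinned = any(p.get("name") == "namespace" for p in result.findall("param"))
            if result.get("type") in NAMESPACE_RESULT_TYPES and not pinned:
                open_packages.append(pkg.get("name"))
                break
    return {
        "always_select_full_namespace": always_full,
        "packages_without_fixed_namespace": open_packages,
        "needs_review": always_full and bool(open_packages),
    }


if __name__ == "__main__":
    print(audit_struts_config(SAMPLE_STRUTS_XML))
```

The check reads only the `struts.xml` text it is given; the constant can also be set elsewhere (for example in `struts.properties`), so those sources need the same review before a finding is closed as a false positive.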
