I'd suggest you direct that question staight to Atlassian. To my knowledge, JIRA and Confluence do not use struts, but versions of WebWork from before it was merged into struts. Since the vulnerability was introduced in struts 2.3.5 (after WebWork was merged), I'm mildly optimistic that we're fine.
However, lacking more detail on how the bug was introduced, one shouldn't rule out that it was present in earlier versions of WebWork.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs