I'd suggest you direct that question staight to Atlassian. To my knowledge, JIRA and Confluence do not use struts, but versions of WebWork from before it was merged into struts. Since the vulnerability was introduced in struts 2.3.5 (after WebWork was merged), I'm mildly optimistic that we're fine.
However, lacking more detail on how the bug was introduced, one shouldn't rule out that it was present in earlier versions of WebWork.
If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot