Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to fix this bug CVE-2016-1000031

How to fix this bug CVE-2016-1000031

2 answers

0 votes
Daniel Eads Atlassian Team Mar 21, 2019

Hey there,

According to our issue tracker, Atlassian Fisheye and Atlassian Crucible contained vulnerable versions of the Apache Commons FileUpload library noted in CVE-2016-1000031. However, our implementation of these libraries did not use the DiskFileItem class which was the attack vector in this advisory. Despite that, Fisheye and Crucible 4.7.0 now contain a patched version of the library.

Cheers,
Daniel

Hi Daniel,

Will this risk affect JIRA and confluence?

Daniel Eads Atlassian Team Mar 21, 2019

Jira and Confluence are not affected at all by this CVE. Cheers!

Hi Daniel,

 

Thank you for your reply. Jira and confluence are installed on our server. Can we fix this risk item? Are there any links to fixes? thank you

Daniel Eads Atlassian Team Mar 25, 2019

There is no risk item for Jira and Confluence. The CVE only affects Fisheye and Crucible, which are not part of Jira or Confluence.

If you do not have Fisheye or Crucible installed (these are separate applications entirely), you do not need to take any action.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Desk

The Complete Guide to Atlassian for ITSM

Hi Atlassian Community! This is Teresa from the Atlassian team. My colleague Paul Buffington @Buff and I are excited to share a brand new ITSM resource we’ve created – "The Complete Guide to At...

2,151 views 15 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you