Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Apache Struts vulnerability CVE-2020-17530

I have Apache Struts2 vulnerability CVE-2020-17530, is Jira 7.13.18 unaffected?

2 answers

2 accepted

1 vote
Answer accepted

I previously posed the question to support and the response I received:

"As described in this old Jira bug JRASERVER-66491 (not directly related to CVE-2020-17530, but it contains the information about Struts.), Atlassian Jira does not use Apache Struts 2.

Therefore, we can confirm that vulnerability CVE-2020-17530 does not affect Jira 8.5.5."

0 votes
Answer accepted
Iago Docando Community Leader Dec 11, 2020

All I can tell you is that

doesn't include that vulnerability at all in the list. There's nothing there from 2020 though.

Maybe someone more security-savy can tell you more but regardless this seems a great question to ask directly to Atlassian rather than to the community. Who better than them to give you a official answer as oposed to an opinion?

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you