Security advisory email on 26 Feb

Hi All

We all received an email from Atlassian on 26th Feb 2014 (yesterday) about a critical security vulnerability that affects all downloaded versions of jira, confluence, crucible, fisheye bamboo and stash. And the solution recommended was to upgrade to a certain release.

My question is:

- If upgrade is not an option, what are our other options?

- Do we know what the security vulnerability is and we can then try to fix it until we upgrade.


2 answers

1 accepted

2 votes
Accepted answer
Hi Rahul,

Assuming that you are using supported versions of our products, meaning versions that have not passed their End Of Support Life then patches are available but in the event that your are not using a version which can be patched then you will need to upgrade to a supported version and then patch.

The security issue is a critical vulnerabilty that can lead an attacker to privilege escalation, so it is an important issue that affects all customers who host their installations of our products, (OnDemand customers need not worry because their instances are already upgraded to fixed versions of our applications). You didn't mention which products you are worried about so I have included links to each of the advisories below, which explain the options for the various products:

I only really work with JIRA and Confluence, but as I understand it JIRA's advisory is the most complicated because there are two other security issues that also need to be mitigated IF the application is being run on Windows. This is all described in the JIRA security advisory page linked above.

All the best,

Thanks John for the details. That helps.

Hi Rahul,

This is just a quick note to let you (and others) know that I am preparing an answer for your enquiry now and I will post a public comment shortly.

All the best,

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,084 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you