Security advisory email on 26 Feb

Hi All

We all received an email from Atlassian on 26th Feb 2014 (yesterday) about a critical security vulnerability that affects all downloaded versions of jira, confluence, crucible, fisheye bamboo and stash. And the solution recommended was to upgrade to a certain release.

My question is:

- If upgrade is not an option, what are our other options?

- Do we know what the security vulnerability is and we can then try to fix it until we upgrade.

Rahul

2 answers

1 accepted

Hi Rahul,

Assuming that you are using supported versions of our products, meaning versions that have not passed their End Of Support Life then patches are available but in the event that your are not using a version which can be patched then you will need to upgrade to a supported version and then patch.

The security issue is a critical vulnerabilty that can lead an attacker to privilege escalation, so it is an important issue that affects all customers who host their installations of our products, (OnDemand customers need not worry because their instances are already upgraded to fixed versions of our applications). You didn't mention which products you are worried about so I have included links to each of the advisories below, which explain the options for the various products:


I only really work with JIRA and Confluence, but as I understand it JIRA's advisory is the most complicated because there are two other security issues that also need to be mitigated IF the application is being run on Windows. This is all described in the JIRA security advisory page linked above.

All the best,
John

Thanks John for the details. That helps.

Hi Rahul,

This is just a quick note to let you (and others) know that I am preparing an answer for your enquiry now and I will post a public comment shortly.

All the best,
John

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Monday in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

713 views 6 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you