You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The first step in keeping your Atlassian server and DC products secure is keeping them current, and we’re making it easier to stay up-to-date with our new monthly Security Bulletin and searchable Vulnerability Disclosure Portal! Launched last month, these disclosures support security best practices by issuing updates on a regular maintenance schedule and offer enhanced transparency into the range of risks mitigated under each new version. Atlassian will continue to issue Critical Security Advisories for vulnerabilities requiring immediate action.
On the third Tuesday of each month, the Security Bulletin will be posted at Security Advisories and the disclosed vulnerabilities will be added to the Vulnerability Disclosure Portal Security at Atlassian: Vulnerabilities. You can register for Security Bulletin alerts in the Tech Alerts section of the your email preferences.
Keep reading to learn more about what you can expect from our new security disclosures.
The Security Bulletin will provide you with detailed information about the vulnerabilities mitigated in new versions, allowing you to make more informed decisions about updating our products outside of Critical Security Advisories requiring immediate action.
In addition to version upgrade recommendations, each Security Bulletin includes a high-level summary of the vulnerability, the CVSS score and severity (severity does not reflect risk; read more about CVSS), CVE ID, and a link to the detailed ticket on jira.atlassian.com.
The Vulnerability Disclosure Portal is a central hub for information about disclosed vulnerabilities in any of our products. It is updated monthly with the release of each Security Bulletin and provides an easy way to search and access data from previous bulletins.
Portal data and filtering capabilities are also available through our Security Vulnerability API for customers who wish to reach this data programmatically.
Vulnerability Disclosure Portal, Security at Atlassian: Vulnerabilities
More details can be found by clicking on any of the CVEs.
Security Bulletin disclosures include unique critical and high-severity vulnerabilities as well as dependency vulnerabilities, for our server and DC products.
No, the Security Bulletin is for server and DC products only. We are able to seamlessly patch Cloud vulnerabilities without any action required on the part of the customer. For information on Atlassian cloud security, see our Security page.
Upgrading to new versions in a timely manner is an important step in keeping your Atlassian server and DC products secure, and we encourage customers to keep versions current. Though we will continue to issue Critical Security Advisories for vulnerabilities requiring immediate action, our goal with the Security Bulletin is to issue non-critical updates that can be supported on a regular maintenance schedule.
No, the Security Bulletin and Portal are an enhancement to our ability to disclose fixed vulnerabilities, and do not reflect any changes in our processes to identify and fix them. The types of fixed vulnerabilities you will see in the new disclosures were previously fixed in released product versions. With this new monthly cadence, we’re able to offer greater transparency into the list of vulnerabilities mitigated under each new version (not just the most pressing) and encourage customers to support security best practices with a regular maintenance schedule. Atlassian will continue to issue Critical Security Advisories for vulnerabilities requiring immediate action.
The next bulletin will be released on Aug 15, 2023, you will be able to find it here.