Hi
Seems to be that new threat is out and would it peril Atlassian products server/dc also?
https://www.bleepingcomputer.com/news/security/new-spring-java-framework-zero-day-allows-remote-code-execution/
Solved! Go to Solution.
Please refer to our FAQ page, we should have a formal announcement soon:
https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Update:Please see the latest FAQs posted over the weekend: https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2022-22965
As always, you can monitor security vulnerabilities at the following link https://www.atlassian.com/trust/security/advisories
You can also report a vulnerability using this article https://www.atlassian.com/trust/security/report-a-vulnerability so Atlassian will provide an offical answer for that question.
We will continue to monitor the situation and provide a response soon.
Jodie
