This is a public space:
For the draft, please restrict the page during creation and
remove this warning when page is published
Dear customer,
On the 18th of February 2025, Atlassian issued a Security Bulletin for Confluence and Crowd.
The Cloud versions of the applications are not affected.
What you need to know
Atlassian has released a Security Bulletin on multiple vulnerabilities, including five critical issues. Those were fixed in recent updates.
While Atlassian marks some of these issues as critical, this is not an Security advisory.
However, in some cases Atlassian still advises updating affected systems for security.
Affected Versions
| Confluence Data Center and Server |
|
| Crowd Data Center and Server |
|
What should I do?
You use Confluence Data Center and Server
If you're using the following versions or newer, the issues are already fixed:
- 9.3.1 (Data Center Only)
- 9.2.1 (LTS, recommended for Data Center Only)
- 8.5.19 (LTS)
If your versions is on the above affected versions list then:
- If your Confluence is running on a case-sensitive filesystem, we assess the risk as low and consider an update to be optional.
- If it's running on a case-insensitive filesystem, we assess the risk as medium and recommend a minor update.
You use Confluence Cloud
You are not affected by this Security Advisory. No need for action.
You use Crowd Data Center and Server
If you're using the following versions or newer, the issues are already fixed:
- 6.2.2 recommended Data Center Only
- 6.1.4 Data Center Only
- 6.0.7 Data Center Only
Otherwise we assess the risk as medium and recommend a minor update.
Support
If you still have questions or concerns regarding this advisory, please contact the bitvoodoo support via support.bitvoodoo.ch.
