Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is 8.18.0 affected

TQS IT Department
TQS IT Department
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 21, 2021

 Is 8.18.0 affected by Jira Data Center And Jira Service Management Data Center Security Advisory 2021-07-21?

Answer
Watch
Like Be the first to like this
425 views

2 answers

0 votes
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 23, 2021

Jira Data Center 8.18.0 is not affected by the security advisory, however we have removed that version as available for download because of a bug. If you are already on Jira Data Center or Jira Server 8.18.0, it is worth trying to set aside some time to upgrade to 8.18.1 which contains the fix for that bug.

Cheers,
Daniel | Atlassian Support

View More Comments
Dawn Fama
Dawn Fama
Contributor
July 30, 2021

Unfortunately, if you are on JIRA DC v8.18 and use the UPM in your DC instance to plan your upgrade, you do not get the option to download 8.18.1 DC, it says you are on the recommended version. 

Then when you go to manage your licenses and select the download option it takes you to AWS or Azure option - Download Jira Software Data Center | Atlassian its a bit tricky to find latest self hosted DC release.

Also, should check the bundled version of tomcat - Application Server Apache Tomcat/8.5.65 is vulnerable - [JRASERVER-72609] Upgrade the bundled version of Apache Tomcat to 8.5.68 or later - Create and track feature requests for Atlassian products.

for  CVE-2021-33037  

8.18 release is now bundled with fixed tomcat 8.5.68 - may need to follow atlassian docs to manually upgrade How to upgrade Apache Tomcat version used by Jira | Jira | Atlassian Documentation

Like
Reply
0 votes
Christopher Isaak
Chris Isaak
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 21, 2021

Per : https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html?utm_source=alert-email&utm_medium=email&utm_campaign=Jira%20Data%20Center-advisory_july-2021_EML-10812&jobid=105135348&subid=1521081460  

 

 

Upgrade Jira Center to version 8.17.0 or higher.

If you cannot upgrade to 8.17.0, then upgrade to 8.5.16 or 8.13.8.

 

Upgrade Jira Service Management Data Center to version 4.17.0 or higher.

If you cannot upgrade to 4.17.0, then upgrade to 4.5.16 or 4.13.8.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
TAGS
atlassian, ace, atlassian community event, donation, girls who code, women in tech, malala fund, plan international, kudos, community badge, badge, atlassian badge, International Women’s month, International Women’s Day, women's month, women's day

10 for Change at Atlassian Community Events

Show up and give back by attending an Atlassian Community Event: we’ll donate $10 for every event attendee in March!

Join an Atlassian Community Event!
AUG Leaders

Upcoming Jira Events