Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

security email

Rhyrus Falcone
Rhyrus Falcone April 20, 2022

Did anybody else get this email from Atlassian:

Capture.PNG

 

yet whne I go to the Atlassian security center (https://www.atlassian.com/trust/security/advisories) nothing for this month:

security advisory page.PNG

 

As an IT professional concerned with Security and knowing that spoofed email with links or attachments are how most companied get hacked. I always prefer to check the from known good URLs that did not come from email.  the above URL I used was supplied by Atlassian support when I opened a ticket the last time I got email from them and their links in the email looked suspicious.

 

Answer
Watch
Like # people like this
790 views

1 answer

1 accepted

1 vote
Answer accepted
Brian Adeloye
Brian Adeloye
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2022

Hi @Rhyrus Falcone - the email is legitimate (edit: I should clarify that I can't be 100% certain whether the email you got is legitimate without seeing it, but I can confirm Atlassian sent out an email today notifying customers of a security advisory in Jira and Jira Service Management). It links to the following security advisory which is hosted on the atlassian.com domain:

https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html

The vulnerability is also tracked in the following issues on jira.atlassian.com which also link to the advisory above:

https://jira.atlassian.com/browse/JRASERVER-73650

https://jira.atlassian.com/browse/JSDSERVER-11224

Our advisories page will be updated later today.

View More Comments
Joey Klein
Joey Klein April 20, 2022

@Brian Adeloye If we are on an LTS, we have to get off that to consume a fix then?

Like
Rhyrus Falcone
Rhyrus Falcone April 20, 2022

@Brian Adeloye Since the only thing is the bundled MobileApp that is effected. I can just disable that app for now and not worry about Jira since non of my other apps are listed in https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html, right?

I have a major deployment coming up at the end of May 2022 and can't take three days to prep and upgrade my three environments right now (dev, test, and prod).

Like serkan_sezer likes this
Brian Adeloye
Brian Adeloye
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2022

@Joey Klein there are bug fixes available for LTS releases, too. More information can be found in https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html

Like
Brian Adeloye
Brian Adeloye
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2022

@Rhyrus Falcone that's correct - you can either update that app or disable it. More information can be found in the Workarounds section of the security advisory. If you have more questions, please feel to reach out to Atlassian Support.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.