2024-07-29

• As per requirement of Atlassian the org.apache.commons/commons-compress@1.21 has been upgraded to the 1.26.2 version. (Fixed in 9.5.1 version)

• Potential XSS attack reported by BugCrowd (Fixed in 9.5.2 version)

2023-11-13

Some third party libraries have been updated as marked vulnerable running the Atlassian's security check policy

2020-11-15

Some URLs were vulnerable to XSS. This has been reported by the Bug Bounty program and ranked as P3 severity level.

Please upgrade to the 9.0.9 version to fix them.

2020-11-12

Subversion ALM is subscribed to Atlassian’s Bug Bounty program and some vulnerable locations have been reported by the BugCrowd organization. Now, the atls_token is required from a lot of locations in Subversion ALM to protect against data modification via CSRF attacks. The vulnerability has been ranked with a P2 severity level

...