Security Bulletin

 

2022-12-14 (Server & Data Center)

Third-party libraries have been upgraded according to Atlassian's policy for Data Center.

2022-06-09 (Server & Data Center)

The URL parameters for "Dependency Table by Jql" were vulnerable to XSS. This has been reported by the Bug Bounty program.

Please upgrade to the 7.3.2 version to resolve this issue.

2022-02-28 (Server & Data Center)

Dependency Table by Jql was vulnerable to XSS. This has been reported by the Bug Bounty program.

Please upgrade to the 7.3.1 version to resolve this issue.

2021-09-07 (Cloud)

The name of the board in "Board Tracking" was vulnerable to XSS. This has been reported by the Bug Bounty program.

Please upgrade to the 7.2.1 version to resolve this issue.

2021-06-23 (Cloud)

'Links Filter' field in Dependency Table and Add/Delete Links fields in Matrix were vulnerable to XSS. This has been reported by the Bug Bounty program and ranked as P3 severity level.

2021-06-08 (Cloud)

Use of the TLS 1.2 protocol.

2020-11-20 (Server & Data Center)

Links Hierarchy is subscribed to Atlassian’s Bug Bounty program and some vulnerable locations have been reported by the BugCrowd organization. The atls_token is now required in many locations in Links Hierarchy to protect against data modification via CSRF attacks. The vulnerability has been ranked with a P2 severity level.

2020-11-17 (Cloud)

Some fields in gadget editing were vulnerable to XSS. This has been reported by the Bug Bounty program and ranked as P2 severity level.