after a thorough analysis, we recommend installing a minor update to the affected systems: Crowd, Bitbucket, Confluence (only if application runs on case insensitive filesystem) and consider the updates for Bamboo & Jira to be optional. We assessed the risk for Confluence as "medium" if the application is running on a case insensitive filesystem and low if running on a case sensitive filesystem. For Bamboo we assessed the risk as "low", for Jira as "low", for Crowd as "medium" and for Bitbucket as "medium".
As mentioned, if we are hosting your systems or proactively update your applications, we will directly communicate any information via the opened tickets (which have been created in the meantime) in our service center.
This incident affected: Atlassian-Security (Security Status Bamboo, Security Status Bitbucket, Security Status Confluence, Security Status Crowd, Security Status Crucible/Fisheye, Security Status Jira).