after a thorough analysis, we recommend installing a minor update to the affected systems Confluence & Bitbucket and consider the update for Jira to be optional. We assessed the risk for Confluence as "medium" and for Bitbucket as "medium to high" for 9.4 versions & "high" for 8.19 versions. The fixed versions of Confluence & Jira were released in August & September and have already been applied to many systems.
Note: This is our general assessment and you should evaluate its applicability to your own IT environment. We only investigate/evaluate actively maintained LTS releases (except for Crowd & Fisheye/Crucible). If you are using a non-LTS release, please check additionally for your version or contact us via our Service Center.
If we are hosting your systems or proactively update your applications, we will directly communicate any information via the opened tickets (which have been created in the meantime) in our service center.
We will update this post as soon as we have finalized the analysis. Note: Due to Wednesday November 19 being a public holiday in Saxony, the next update is not expected until Thursday November 20.
If we are hosting your systems or if we proactively update your applications, we will open a Ticket soon.