To better serve our customers and partners, Atlassian has modified our security policy for JIRA, Confluence, and Stash.
Atlassian Cloud customers are not affected by any of the changes described in this email as Cloud customers are always updated to the latest fixes and versions.
New policy for security fixes
Under the new security policy, when fixes for critical security issues are identified, Atlassian will produce a new minor product release for all major versions of JIRA and Confluence released within the previous 12 months. Atlassian will also produce a new minor release for all major versions of Stash released within the prior 6 months. We are excited that Confluence will be able to support this new policy beginning with Confluence 5.5.
Our new policy not only extends our current security releases across more major application versions than our previous policy, but also offers these security fixes through full maintenance releases. Our prior policy only produced security fixes through binary patches and manual installation processes. Performing full maintenance releases for security fixes will ensure changes go through full regression testing and follow standard installation and support processes. For more details around our new security policy, read our updated Security Bugfix Policy.
Updated end-of-life policy
Atlassian is also announcing changes to its application end-of-life (EOL) policy today. Our previous policy defined the EOL date for a specific product release based on the last minor version release date. After speaking with our customers, we learned that this often made upgrade planning difficult because each major release was covered for a different length of time depending on the number of minor release versions. To provide our customers and partners a better and more consistent experience, Atlassian’s policy will now associate an application’s EOL date to the major release date. This will be identical for all products and is independent of how many minor releases, features, and bug fixes are performed.
Our goal is to provide a simpler, clearer, and more consistent policy. All products will now have their EOL date set two years from the major release date and, to ensure a smooth transition for our customers, the new policy will not affect any previously published EOL dates for existing releases. For more details on the new EOL policy, read our Atlassian Support End of Life Policy.
We’re excited to bring these new and expanded service changes to our customers and partners.
Head of Enterprise Support, Atlassian