Close
View this page in your language?
All languages
Choose your language
Products

Featured

Jira Software

Project and issue tracking

Confluence

Content collaboration

Jira Service Management

High-velocity ITSM

Trello

Visual project management

View all products

Marketplace

Connect thousands of apps and integrations for all your Atlassian products

Close dropdown
Solutions

Featured

Work Management

Manage projects and align goals across all teams to achieve deliverables

IT Service Management

Enable dev, IT ops, and business teams to deliver great service at high velocity

Agile & DevOps

Run a world-class agile software organization from discovery to delivery and operations

BY TEAM SIZE

Enterprise

Small Business

Startup

Non-profit

BY TEAM FUNCTION

Software Development

IT

Finance

Marketing

HR

BY INDUSTRY

Retail

Telecommunications

Professional Services

Government

Close dropdown
Resources

Learn

Atlassian University

Atlassian Playbook

Product Documentation

Developer Resources

Support

Atlassian Community

Atlassian Support

Atlassian Migration Program

Enterprise Services

Partner Support

Purchasing & Licensing

Connect

About us

Careers

Work Life Blog

Events

Support for Server products ends February 15, 2024

With end of support for our Server products fast approaching, create a winning plan for your Cloud migration with the Atlassian Migration Program.

Assess my options

Close dropdown
Search
Try now
Toggle menu
Close search

Security Advisory Publishing Policy

Publication of Security Advisories

When a critical severity security vulnerability in a self-managed Atlassian product is discovered and resolved, Atlassian will inform customers through the following mechanisms:

If you want to track non-critical severity security vulnerabilities, you need to monitor the issue trackers for the relevant products on https://jira.atlassian.com.

For example, https://jira.atlassian.com/browse/JRACLOUD for Jira Cloud and https://jira.atlassian.com/browse/CONFSERVER for Confluence Data Center. Security vulnerabilities in trackers will use the Public Security Vulnerability issue type. All security vulnerabilities will be listed in the release notes of the release where they have been fixed, similar to other bugs.

Critical third-party dependency vulnerabilities that present a lower assessed risk with Atlassian’s application will be reported in monthly Security Bulletins instead of a Critical Security Advisory.