Security Advisories
As a public-facing web application, JIRA's application-level security is important. This document contains links to version-specific security advisories and related documents for the JIRA application.
This document is intended to provide information to system administrators about the security of the JIRA application. It does not address JIRA's internal security model — user management and permissions — except as it relates to the overall application security.
On this page:
Finding and Reporting a Security Vulnerability
Atlassian's approach to reporting security vulnerabilities is detailed in How to Report a Security Issue.
Publication of JIRA Security Advisories
Atlassian's approach to releasing security advisories is detailed in Security Advisory Publishing Policy.
Latest security advisory:
Severity Levels
Atlassian's approach to categorising security issues is detailed in Severity Levels for Security Issues.
Our Patch Policy
Atlassian's approach to releasing patches for security issues is detailed in Security Patch Policy.
Security Advisories
- JIRA Security Advisory 2014-02-26
- JIRA Security Advisory 2013-02-21
- JIRA Security Advisory 2012-08-28
- JIRA Security Advisory 2012-05-17
- JIRA Security Advisory 2011-09-27
- JIRA Security Advisory 2011-02-21
- JIRA Security Advisory 2010-12-06
- JIRA Security Advisory 2010-06-18
- JIRA Security Advisory 2010-04-16
- JIRA Security Advisory 2009-04-02
- JIRA Security Advisory 2008-12-09
- JIRA Security Advisory 2008-10-29
- JIRA Security Advisory 2008-08-26
- JIRA Security Advisory 2008-02-21
- JIRA Security Advisory 2007-12-24