Atlassian Patch Policy
As per our new Security Bugfix Policy, critical security bug fixes will be back ported to major software versions for up to 12 months for JIRA and Confluence. In order to do this effectively we are modifying the method we use to apply security fixes. We will be releasing new maintenance releases for the versions covered by the new Security Bugfix Policy instead of binary patches.
As a result we will no longer issue binary patches. There are several reasons for this change.
- Previously, with patches there was no easy way to confirm the product was up to date. By moving to a maintenance release, the installed version number confirms the fact that the security fix is installed.
- Patches were only ever intended as interim solutions until you can upgrade. Patches can not be applied on top of each other, while maintenance releases can.
- Installing the security bug fix with a maintenance release will be easier with it wrapped in our installer.
- Maintenance releases simplifies your interactions with Atlassian Support.