Archives for the tag: security

To better serve our customers and partners, Atlassian has modified our security policy for JIRA, Confluence, and Stash. Atlassian Cloud customers are not affected by any of the changes described in this email as Cloud customers are always updated to the latest fixes and versions. New policy for security fixes Under the new security policy, when fixes for critical security issues are identified, Atlassian will produce a new minor product release for all major versions of JIRA and Confluence

Continue reading »

SSL and POODLE

Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms.  Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.

Continue reading »

Encryption and Atlassian

Our values push us to keep improving in providing great solutions and helping every team. We support the SSL practices defined by the EFF in their Encrypt the Web report and we’re excited to update you on our progress. All Atlassian Cloud platforms now have: Encryption of Data links between centres. HTTPS enforced HTTPS Strict Transport Security (HSTS) across all sites Forward Secrecy implemented. If your email server supports it, email is sent encrypted with our HipChat and Atlassian

Continue reading »

OpenSSL and Atlassian

Since the announcement of the Heartbleed bug, our teams have been assessing the impact to our products and infrastructure and deploying fixes as needed. We've confirmed that this is not an issue within our products but is an infrastructure issue. We have reissued the SSL certificates across all our hosted infrastructure. This bug has been in there for a long time and in line with good practice, we recommend that all users change their passwords and regenerate any API and SSH keys as a precaution. Atlassian

Continue reading »