Archives for the tag: security

OpenSSL Security Advisory

Following on from the announcement from the OpenSSL team today, we have been assessing the impact to Atlassian Cloud, and our customers, and are deploying updated SSL versions as needed. Our current state is as follows: Bitbucket - Not affected but patch deployment is complete HipChat - Not affected but have patched appropriate systems. Atlassian Cloud -Not affected but patch deployment complete. For those who run our Server versions, we recommend you deploy the supported patches

Continue reading »

The maintainers of the Git and Mercurial open source projects have identified a vulnerability in the Git and Mercurial clients for Macintosh and Windows operating systems that could allow critical files to be overwritten with unwanted files, including executables. We recommend that all client users of Git and Mercurial, including FishEye, Crucible, and SourceTree users, update their Git client with one of the published Git maintenance releases (1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) or

Continue reading »

To better serve our customers and partners, Atlassian has modified our security policy for JIRA, Confluence, and Stash. Atlassian Cloud customers are not affected by any of the changes described in this email as Cloud customers are always updated to the latest fixes and versions. New policy for security fixes Under the new security policy, when fixes for critical security issues are identified, Atlassian will produce a new minor product release for all major versions of JIRA and Confluence

Continue reading »

SSL and POODLE

Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms.  Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.

Continue reading »

Encryption and Atlassian

Our values push us to keep improving in providing great solutions and helping every team. We support the SSL practices defined by the EFF in their Encrypt the Web report and we’re excited to update you on our progress. All Atlassian Cloud platforms now have: Encryption of Data links between centres. HTTPS enforced HTTPS Strict Transport Security (HSTS) across all sites Forward Secrecy implemented. If your email server supports it, email is sent encrypted with our HipChat and Atlassian

Continue reading »