Confluence - Path traversal vulnerability - CVE-2019-3398 - Server Ed. 6.4.2

Pedro Tome
I'm New Here
April 28, 2019

Hello,

I have Confluence Server Ed. 6.4.2 with a SEN licence.

To resolve the security issue "Confluence - Path traversal vulnerability - CVE-2019-3398" I am forced to upgrade Confluence, but I can't upgrade to any of the secure versions unless I pay for a new licence, and I can't work with this version because it's insecure.

How can I work with the system if I can't upgrade and can't stay on this version because of the security issue?

It seems only fair to release some kind of fix for free

(not the temporary workaround)

Best regards

1 answer

1 vote
Daniel Eads
Atlassian Team
April 29, 2019

Hi Pedro,

The security advisory details how to mitigate the attack vector for this vulnerability. If you are not on a mitigated version and can't upgrade, using the "temporary workaround" is what you need to do. That is the fix for free.

From our licensing FAQ regarding security:

Your initial purchase entitles you to perpetual use of the software, and includes 12 months of software maintenance – access to new software releases/enhancements, our world-class Support team, critical bug fixes, and security patches – from the date of purchase. While renewing your software maintenance annually is optional, it is strongly encouraged in order to ensure continuous access to all of the benefits listed above.

Based on your license tier of 10 users, you are looking at a cost of $10 USD /yr to renew your support maintenance. You can get started renewing at my.atlassian.com and use the renewed license on a recent release of Confluence.

Cheers,
Daniel

rodolfo April 30, 2019

By the way, I think it's worth pointing out that after you buy a license there isn't a security fix just for the 6.4.x "branch".

I found it confusing initially because on the EOL policy 6.4 is marked until Sep 6, 2019, but it seems that doesn't cover security updates.
Security updates for non-Enterprise releases are only available within the first 6 months after the release. See the Security Bugfix Policy for more info.

@Pedro Tome Ideally pick an enterprise release which gets you security updates for 2 years if you choose to upgrade.

Hope this helps :)

Cheers,
rodolfo

Pedro Tome
I'm New Here
May 2, 2019

Thanks for the reply.

I will consider stopping using Confluence and moving to another solution.

The Atlassian team response is posting the licensing FAQ regarding security...

I keep my opinion that Atlassian must present a solution, not a "temporary workaround", in response to this big security issue.

Thanks again

Stephen Sifers
Atlassian Team
May 2, 2019

Hello Pedro,

We do appreciate your concern over the recent security issues. Your response is taken seriously and I will personally contact you via email to help resolve this matter.

Regards,
Stephen Sifers
Senior Community Engineer
