Critical Security vulnerability for Jira Service Desk v3.12.2

Bruno Casimir September 19, 2019

Hello,


I am using version 3.12.2 of Jira Service Desk. I received a mail from Atlassian which informs that a critical security vulnerability exists in Jira Service Desk Server and Data Center for this version. In the link to be followed it is said that an upgrade to the version 3.16.8 fixes the issue.

Is the upgrade the only way to fix the issue?
If yes, can you please give the details of how to proceed with the upgrade?


Thank you in advance,
Best regards,
Bruno.

 

1 answer

0 votes
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 20, 2019

Hi Bruno,

There is a short-term alternative to upgrading. In the long run, I would recommend an upgrade but short-term you can employ the mitigation described in the security advisory. This involves blocking a particular path at your reverse proxy (if you have one set up) or modifying the Tomcat configuration used to serve Jira. It's worth noting that you'll also want to follow similar steps for the other Jira Server advisory from Wednesday - steps for mitigation on that one are here.

Given the effort it takes to mitigate both, you may find an upgrade simpler. We've got a detailed article with upgrade steps at this link.

Cheers,
Daniel

Bruno Casimir September 23, 2019

Thank you for the information Daniel. Two additional questions:

1. Can you confirm that the upgrade won't have any impact on the license we purchased for the version 3.12.2 of Jira service desk?


2. Will that upgrade have any impact on the queries / filters that we created on the actual version (3.12.2)? Is there any other impact / difficulties you predict we may face with that upgrade?


Best regards,
Bruno.

Daniel Eads
Atlassian Team
September 23, 2019

Hi Bruno,

  1. Upgrading won't impact when your license is up for renewal. I wasn't able to find a specific license attached to your Atlassian account, but typically you could check licenses where you are a contact at my.atlassian.com and look at the expiration date. You can also do this from within Jira by going to the Versions & licenses page and looking at the Maintenance expires date. You're entitled to any versions of Jira released within the maintenance period - so for the latest release of Jira Service Desk, you'll be set as long as the "Maintenance expires" date is some date after 16/Sept/19.
  2. There won't be any changes to the query/filter data. We recommend taking backups of your Jira's install/home directories on your server as well as a database backup, but there aren't extra considerations between the versions you're upgrading against. The full instructions are covered in this upgrade guide.

Cheers,
Daniel

Bruno Casimir September 24, 2019

Thank you for the answers Daniel. We will proceed with the upgrade. We will inform you in case we need help.

Best regards,

Bruno.

Bruno Casimir October 11, 2019

Hello Daniel,

The upgrade has been done and it was a success.

Thank you for your help.

Best regards,

Bruno.
