Why is 8.5.X (Enterprise Release) not patching the most recent security vulnerability?

Christopher Gronde
Contributor
February 20, 2020

Atlassian released Jira Server 8.5.X as the Enterprise Release, meaning that it would receive security patches and updates for 2 years, so we would not have to do a major update for 2 years. The first CVE to hit Jira (https://jira.atlassian.com/browse/JRASERVER-70607?src=confmacro) now says that in order to patch this we have to upgrade to 8.7.1. What happened to the Enterprise Release? Why is this not being mitigated in 8.5.x? What's the point of having an Enterprise Release and then telling us we have to upgrade past it?

1 answer

Answer accepted
Kurt Klinner
Rising Star
February 20, 2020

@Christopher Gronde 

Hi Christopher,

I think this is due to the fact that the mentioned CVE is ranked as one with Severity 3 - Minor.

According to the Bug Fix Policy https://www.atlassian.com/trust/security/bug-fix-policy, non-critical vulnerabilities may be backported if feasible, but there is no guarantee for that:

Non-critical vulnerabilities

When a security issue of a High, Medium or Low severity is discovered, Atlassian will include a fix in the next scheduled release. The fix may also be backported to Enterprise releases, if feasible. 

The ER will receive backports of critical bug fixes.

Hope that helps

Cheers

Kurt
