Atlassian publikuje poprawki do swoich produktów 02/26 (P25-065)

17 lutego 2026 r. firma Atlassian opublikowała ostrzeżenie dotyczące bezpieczeństwa w celu usunięcia luk w zabezpieczeniach następujących produktów:

• Bamboo Data Center i Server – wiele wersji

• Confluence Data Center i Server – wiele wersji

• Crowd Data Center i Server – wiele wersji

Produkt	Podatna wersja	Patch	Link/Opis	CVE ID	CVSS
Bamboo Data Center and Server	12.1.0 (LTS) 12.0.1 do 12.0.2 11.0.7 do 11.0.8 10.2.9 do 10.2.13 (LTS)	12.1.2 (LTS) rekomendowany tylko Data Center 10.2.14 do 10.2.15 (LTS) tylko Data Center	DOM-based XSS com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer Dependency in Bamboo Data Center and Server	CVE-2025-66021	8.6 Wysoka
Confluence Data Center and Server	10.2.0 do 10.2.2 (LTS) 10.1.0 do 10.1.2 10.0.2 do 10.0.3 9.5.1 do 9.5.4 9.4.0 do 9.4.1 9.3.1 do 9.3.2 9.2.0 do 9.2.13 (LTS) 9.1.0 do 9.1.1 9.0.1 do 9.0.3 8.9.0 do 8.9.8 8.8.1 8.5.7 do 8.5.31 (LTS) 7.19.20 do 7.19.30 (LTS)	10.2.6 (LTS) rekomendowany tylko Data Center 10.2.3 (LTS) tylko Data Center 9.2.15 rekomendowany (LTS) tylko Data Center 9.2.14 (LTS) tylko Data Center	File Inclusion tar-fs Dependency in Confluence Data Center and Server	CVE-2025-59343	8.7 Wysoka
			DoS (Denial of Service) in Confluence Data Center and Server	CVE-2022-25883	7.5 Wysoka
			DoS (Denial of Service) in Confluence Data Center and Server	CVE-2020-28469	7.5 Wysoka
			Improper Authorization org.springframework:spring-core Dependency in Confluence Data Center and Server	CVE-2025-41249	7.5 Wysoka
			DoS (Denial of Service) in Confluence Data Center and Server	CVE-2025-48976	7.5 Wysoka
			DoS (Denial of Service) in Confluence Data Center and Server	CVE-2022-25927	7.5 Wysoka
Crowd Data Center and Server	7.1.0 do 7.1.3 7.0.0 do 7.0.2 6.3.0 do 6.3.4 6.2.0 do 6.2.6 6.1.0 do 6.1.7 6.0.0 do 6.0.10 5.3.1 do 5.3.8 5.1.13 5.0.11	7.1.4 rekomendowany tylko Data Center	XXE (XML External Entity Injection) org.apache.tika:tika-parsers Dependency in Crowd Data Center and Server	CVE-2025-66516	9.8 Krytyczna *
			Injection in Crowd Data Center and Server	CVE-2025-9288	9.1 Krytyczna *
			Injection in Crowd Data Center and Server	CVE-2025-9287	9.1 Krytyczna *
			RCE (Remote Code Execution) commons-beanutils Dependency in Crowd Data Center and Server	CVE-2025-48734	8.8 Wysoka
			DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server	CVE-2025-66675	8.2 Wysoka
			DoS (Denial of Service) in Crowd Data Center and Server	CVE-2020-28469	7.5 Wysoka
			DoS (Denial of Service) in Crowd Data Center and Server	CVE-2022-25927	7.5 Wysoka
			Insecure Deserialization kind-of Dependency in Crowd Data Center and Server	CVE-2019-20149	7.5 Wysoka
			DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server	CVE-2024-57699	7.5 Wysoka

Atlassian publikuje poprawki do swoich produktów 02/26 (P25-065)

Tagi

Kategorie