Critical vulnerabilities affecting several Atlassian products
Incident
Report for Ambientia
Resolved
We have completed all immediately required upgrades to systems managed by Ambientia. We are marking this incident as resolved, but continue to monitor the situation.
Update
The upgrade work is still ongoing. Our original estimate of getting all the upgrades completed during Thursday 7th of December was a bit too optimistic. We strive to get the upgrades completed by end of Friday 8th of December.
Update
We have been making upgrades to the systems throughout the day, and we will continue to do so.
Unfortunately, the upgrades to systems managed by Ambientia are likely to be completed by tomorrow. We will notify our customers once the upgrades are done.
Unfortunately, the upgrades to systems managed by Ambientia are likely to be completed by tomorrow. We will notify our customers once the upgrades are done.
Monitoring
On 6th of December 2023, Atlassian published several critical vulnerabilities affecting several Atlassian products. We received a pre-warning about this vulnerability going public and have been implementing necessary actions since Tuesday 5th of December.
Initially, we need to restrict access to affected Atlassian product installations from the public internet. We started these measures during the evening of Tuesday the 5th December. This is a temporary protective measure recommended by Atlassian that will be lifted once upgrade of the affected system to a fixed version has been completed.
We will contact our customers individually once upgrade of their systems has been completed and we have lifted the temporary protective measures.
We are closely following the situation and are prepared to implement further measures if they are required.
For more detailed information regarding the vulnerabilities, please see Atlassian's official announcements:
Initially, we need to restrict access to affected Atlassian product installations from the public internet. We started these measures during the evening of Tuesday the 5th December. This is a temporary protective measure recommended by Atlassian that will be lifted once upgrade of the affected system to a fixed version has been completed.
We will contact our customers individually once upgrade of their systems has been completed and we have lifted the temporary protective measures.
We are closely following the situation and are prepared to implement further measures if they are required.
For more detailed information regarding the vulnerabilities, please see Atlassian's official announcements: