Atlassian’s July 2025 Security Bulletin outlines resolution of 20 high-severity vulnerabilities.

Atlassian has released its July 2025 Security Bulletin, outlining the resolution of 20 high-severity vulnerabilities impacting multiple Data Center and Server products. Atlassian says the bulletin, published on July 15, reaffirms its ongoing commitment to transparency and the proactive mitigation of security risks across its extensive product portfolio.

Vulnerability Overview

The identified vulnerabilities originate from a combination of sources, including Atlassian’s Bug Bounty program, internal penetration testing, and scans of third-party libraries. These collective efforts underscore the company’s multilayered approach to product security.

Details at a Glance:

  • Vulnerabilities disclosed: 20 (all high-severity)
  • Discovery sources: Bug Bounty program, internal penetration testing, third-party library reviews
  • Impacted products: Diverse Atlassian Data Center and Server offerings

Guidance for Customers

Atlassian advises all customers to take immediate corrective action:

  • Upgrade Affected Instances: Patch systems to the most recent or recommended fixed versions as specified in official release notes.
  • Address Unsupported Versions: Users running deprecated or unsupported versions should migrate to current supported releases, specifically Long-Term Support (LTS) releases when available.
  • Review LTS Update Schedules: LTS branches may not receive prompt updates for all vulnerabilities. Customers are encouraged to consult Atlassian’s Security Bug Fix Policy for information about backported fixes.
  • Access Latest Versions: The most current product versions can be downloaded from Atlassian’s official portal or individual product release notes.

About the Monthly Security Bulletin

Atlassian’s monthly Security Bulletins are strategically scheduled to address significant vulnerabilities of high—but not critical—severity, supporting a reliable update cadence for IT administrators. The company reserves separate, out-of-band Critical Security Advisories for urgent, high-impact vulnerabilities to ensure timely and targeted risk mitigation.
