Vulnerability found in multiple Atlassian products

A high severity security vulnerability affects multiple Atlassian products, including recent versions of Jira and Confluence. Read on to learn how to fix the problem.

The vulnerability was found on the 1st of November and was rated “high” on the severity scale that Atlassian uses:

A vulnerability has been identified affecting multiple Atlassian products where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications.

The danger lurks in the details: while these special characters are not displayed by the browser or by code editors, they can affect the meaning of source code when it is processed by a compiler or an interpreter. The full list of affected software can be found here.

To fix the problem, update your application to a “safe” version. However, check add-on compatibility first. For example, the newest (and safe) Jira and Confluence versions are not yet supported by all app vendors. To be notified about the next release of an app, go to the app's Atlassian Marketplace page and click Watch App.
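While an upgrade is pending, text can be checked for these characters directly. The following is an added example, not code from this post or from Atlassian: a Python check that reports Unicode bidirectional control characters with their positions, rewrites them as visible tags for review, and flags lines where a control is still in effect at the end of the line. The function names and the `SAMPLE` string are constructed for illustration.

```python
import unicodedata

# Bidirectional formatting controls, written as escapes so this file stays clean.
EMBED_OPENERS = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO
ISOLATE_OPENERS = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                             # terminators
BIDI_CONTROLS = EMBED_OPENERS | ISOLATE_OPENERS | {PDF, PDI}

# Constructed sample: three lines of text, two of them carrying bidi controls.
SAMPLE = 'role = "user"\nnote = "\u202e reversed \u2066text"  # comment\nok = "\u202dabc\u202c"\n'


def find_bidi_controls(text):
    """Return (line, column, 'U+XXXX', name) for every bidi control in text."""
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return findings


def reveal(text):
    """Replace each invisible control with a visible <U+XXXX> tag for review."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in text)


def unbalanced_lines(text):
    """Line numbers where an opener is not closed before the line ends.

    Approximation: each line is treated as its own paragraph, PDF closes
    embeddings/overrides and PDI closes isolates.
    """
    bad = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        embeds = isolates = 0
        for ch in line:
            if ch in EMBED_OPENERS:
                embeds += 1
            elif ch in ISOLATE_OPENERS:
                isolates += 1
            elif ch == PDF:
                embeds = max(0, embeds - 1)
            elif ch == PDI:
                isolates = max(0, isolates - 1)
        if embeds or isolates:
            bad.append(line_no)
    return bad
```

Running `find_bidi_controls` over file contents in a pre-commit hook or CI step, and failing when it returns anything, catches these characters regardless of how the reviewing tool renders them.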

If you have any questions, feel free to contact me at contact@jiraforthepeople.com.
