Finding and Reporting a Security Issue
If you find a security issue in the product, open an issue on http://jira.atlassian.com in the relevant project.
- Set the security level of the bug to 'Reporters and Developers'.
- Set the priority of the bug to 'Blocker'.
- Provide as much information on reproducing the bug as possible.
All communication about the security issue should be performed through JIRA, so that Atlassian can keep track of the issue and get a patch out as soon as possible.
If you cannot find the right project to file your issue in, email the details to security@atlassian.com.
Further reading
See Atlassian Support Offerings for more support-related information.