Finding and Reporting a Security Vulnerability
If you find a security bug in the product, please open an issue on http://jira.atlassian.com in the relevant project.
- Set the priority of the bug to 'Blocker'.
- Provide as much information on reproducing the bug as possible.
- Set the security level of the bug to 'Developer and Reporters only'.
All communication about the vulnerability should be performed through JIRA, so that Atlassian can keep track of the issue and get a patch out as soon as possible.
Further reading
See Atlassian Support Offerings for more support-related information.