A security vulnerability in Content Formatting for Confluence version 6.0.0 - 6.2.4 (inclusive) has been discovered. The vulnerability, CVE-2018-7489, is classified as critical according to Atlassian's security severity levels.
We strongly recommend customers using an affected version update to version 6.2.5 of Content Formatting immediately.
How to fix the vulnerability
This vulnerability can be fixed by upgrading Content Formatting to 6.2.5 or above. Full instructions on how to upgrade an app can be found on Atlassian's support page. If you're unable to update immediately, we recommend disabling Content Formatting until you are able to do so.
Adaptavist is committed to providing powerful, yet secure applications for Atlassian products and we are unaware of any instances of this vulnerability being exploited across our customer base. If you have urgent questions please contact our support team.