An article was uploaded to Slashdot regarding two vulnerabilities in Atlassian Crowd. We have been unable to substantiate the existence of the second alleged vulnerability. The author of the article has not contacted Atlassian and has provided no details to us. If we can confirm that there is a vulnerability, a patch will be issued and all Crowd customers will be emailed details on how to update. We are taking it seriously and have reached out to the author directly for more details. If there is an alleged vulnerability, we will issue a patch.”]
Source: https://confluence.atlassian.com/crowd/crowd-security-notice-2013-07-01-376837074.html