Upgrading to 5.5.1 from 5.4.3 didn't update xwork from 1.13 to 1.17

Type atlassian
Reporter sgoldberg
Modified 2017-02-17T04:32:38


We recently upgraded our instance following your security advisory. It was discovered shortly after the upgrade that the xwork file that was vulnerable (1.13) was not upgraded to the safe version (1.17). This could have just been specific to our instance but you should check your upgrade process and see if the correct file is bundled and the update process is actually updating it.