Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin.
Affected versions: * versions < 8.14.0
Fixed versions: * 8.14.0
The plugin is no longer installed in new versions of Jira. However, the removal of the plugin was not back-ported to an LTS release. Therefore, as a workaround, we recommend disabling the plugin.