XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Bamboo Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, 11.0.0, and 12.0.0-rc3 of Bamboo Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of...

XXE (XML External Entity Injection) Tika Dependency in Jira Service Management Data Center and Server

This Jira Service Management release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path...