Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.4 LTS (Data Center and Server) and 8.6.0 and 8.7.1 (only Data Center), so some customers have already upgraded to those or to later versions.

Source: Help Net Security