...
They contain security patches for the following topics:
External Share for Jira (Server & Data Center)
XSS via attachment name on external page
XSS in view links form via user full name
XSS via attached SVG
XSS via attached HTML
Reflected XSS via redirect param on password page
Invalidated Redirect on password page
SQL Injection - GET /share (sort / sort order)
BAC | GET /mail Gain access to all shares
BAC | GET /share Gain access to all shares
BAC | PUT /share Gain access to all shares
BAC | Attachment (media-proxy) - access to already generated media was not revoked after share settings changed
...