Do not file public GitHub issues for vulnerabilities, secrets, tokens, or private customer data.
Use Atlassian's security reporting process:
https://www.atlassian.com/trust/security/vulnerability-disclosure-policy
When sharing logs for normal support, redact:
- API tokens and access tokens
- email addresses if not needed
- private site names and cloud IDs
- private Jira, Confluence, Bitbucket, and customer URLs
- customer or proprietary content