That was fast
"The vulnerability has been present since early 2017," Atlassian told its punters. "We first became aware of the issue on July 12, 2018 PST and took immediate action to investigate the matter, issuing a fix early on July 16, 2018 PST."
The way other completely annoying and apparently-not-hard to fix problems with tons of votes are being handled by Atlassian it amazes me that they got to it before 2025.
Unless the problem is "solved" by dropping the feature which is the root cause .... like recursive table in Confluence, ain't it, Atlassian?