Scanners may falsely flag some versions of Jira Software Server before 8.5.5 as vulnerable to an Insecure Deserialization issue in Jackson Databind (CVE-2018-14720). This vulnerability in a transitive dependency was being flagged because Jira Software assumed the version of applinks provided by Jira Core was an earlier version of applinks but Jira Core was actually providing a newer version that was not vulnerable to CVE-2018-14720. Jira Software Server has been updated to assume that Jira Core is providing the newer version of applinks so that scanners should not flag this issue in versions after 8.5.5.