We recently have got a Vulnerability reported for our Release Management Cloud App in scope of Cloud Security Participant program we are doing with Atlassian / Bugcrowd. We fixed it there but also decided to go extra mile and change it for our Gadgets App as well.
The essence of change is move from plain JQL in Burnups, Trends and Universal Gadgets that we find more user friendly to predefined JQL filters that are more secure. Thus we won't expose to the users some privacy information that might be hard coded in custom JQL.
Users of Cloud App will get this automatically. If you are Server or Datacenter user the change will be applicable only in case you upgrade the version of the App from the Marketplace.